* mAlbum v0.3 admin by default user/pass * By : sn0oPy * Risk : high * exploit : at http://www.target.ma/malbum/index.php (when private images) Login : login Password : pass after login, you can creat new admin account, delete it,... Dork : inurl:"malbum/" * Default user/pass present here : ...\malbum\photos\users.php <?php $users = $admins = array(); $users['dqsfg'] = array('PASSWORD' => 'sdfg'); $admins['login'] = array( 'PASSWORD' => 'pass', 'DELETE_PHOTO', 'COMMENT_PHOTO', 'COMMENT_ALBUM', 'MANAGE_USER', 'MANAGE_ADMIN', ); ?> * contact : sn0oPy@xxxxxxxxxxxxxxxxxxxxxxx * greetz : [subzero], http://forums.avenir-geopolitique.net. * Reference : http://forums.avenir-geopolitique.net/viewtopic.php?t=2677
