So, essentially this threat can be removed by simply deleting the "install" directory, which is common practice when installing web applications? On Tue, Mar 29, 2011 at 10:03 AM, <cseye_ut@xxxxxxxxx> wrote: > ##################################################################################### > #### "Simple PHP Newsletter" Remote Admin Password Change With #### > #### install path #### > ##################################################################################### > # # > # Author: alieye # > # # > # class : remote # > # # > # E-mail: cseye_ut@xxxxxxxxx # > # # > # greetz: C.S.Eye Security Team members # > # # > # We Are: Alieye , Z0d14c , Bully13 , Stanly , Safety & All Iranian Hackers # > # # > # Site : www.gcmt.vcp.ir , blog : www.cseye.blogfa.com # > ##################################################################################### > > download : http://quirm.net/download/23/ > > > Dork : intitle:"News list Administration panel" or "Simple PHP Newsletter" > > > Example : > > > 1. Go to url : target.com/newsletter/admin.php or target.com/mailer/admin.php > > 2. Clean admin.php and Go to target.com/newsletter/install/install1.php or target.com/mailer/install/install1.php > > 3. Write new password for admin and click next stage > > 4. finish install > > 5. Go to url : target.com/newsletter/admin.php or target.com/mailer/admin.php > > 5. Login admin with new password > > Date : 03/29/2011 >
