* mAlbum v0.3
admin by default user/pass
* By : sn0oPy
* Risk : high
* exploit :
at http://www.target.ma/malbum/index.php (when private images)
Login : login
Password : pass
after login, you can creat new admin account, delete it,...
Dork :
inurl:"malbum/"
* Default user/pass present here : ...malbumphotosusers.php
<?php
$users = $admins = array();
$users['dqsfg'] = array('PASSWORD' => 'sdfg');
$admins['login'] = array(
'PASSWORD' => 'pass',
'DELETE_PHOTO',
'COMMENT_PHOTO',
'COMMENT_ALBUM',
'MANAGE_USER',
'MANAGE_ADMIN',
);
?>
* contact : sn0oPy (at) avenir-geopolitique (dot) net [email concealed]
* greetz : [subzero], http://forums.avenir-geopolitique.net.
* Reference : http://forums.avenir-geopolitique.net/viewtopic.php?t=2677