Bugtraq mailing list archives
Re: "Simple PHP Newsletter" Remote Admin Password Change With install path
From: Patrick Kelley <psworn () gmail com>
Date: Tue, 29 Mar 2011 10:56:41 -0400
So, essentially this threat can be removed by simply deleting the "install" directory, which is common practice when installing web applications?

On Tue, Mar 29, 2011 at 10:03 AM, <cseye_ut () yahoo com> wrote:
#####################################################################################
####     "Simple PHP Newsletter" Remote Admin Password Change With              ####
####                           install path                                     ####
#####################################################################################
# Author: alieye
# class : remote
# E-mail: cseye_ut () yahoo com
# greetz: C.S.Eye Security Team members
# We Are: Alieye , Z0d14c , Bully13 , Stanly , Safety & All Iranian Hackers
# Site : www.gcmt.vcp.ir , blog : www.cseye.blogfa.com
#####################################################################################

download : http://quirm.net/download/23/

Dork : intitle:"News list Administration panel" or "Simple PHP Newsletter"

Example :

1. Go to url : target.com/newsletter/admin.php or target.com/mailer/admin.php
2. Clean admin.php and Go to target.com/newsletter/install/install1.php or target.com/mailer/install/install1.php
3. Write new password for admin and click next stage
4. finish install
5. Go to url : target.com/newsletter/admin.php or target.com/mailer/admin.php
5. Login admin with new password

Date : 03/29/2011
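As an added example (not part of either post and not the application's own code), a site owner can audit a web root for the condition this thread discusses: an application directory that holds `admin.php` while `install/install1.php` is still present. The function names, the sample tree and the `/var/www` path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report installs that still ship the installer.
# A hit is a directory holding admin.php and install/install1.php,
# the two paths named in the advisory.

find_leftover_installers() {
    webroot=$1
    # Locate every install/install1.php, then keep those whose parent
    # application directory also contains admin.php.
    find "$webroot" -type f -path '*/install/install1.php' 2>/dev/null |
    while IFS= read -r installer; do
        appdir=$(dirname "$(dirname "$installer")")
        if [ -f "$appdir/admin.php" ]; then
            printf '%s\n' "$appdir"
        fi
    done | sort
}

# Returns 1 (and lists the directories on stderr) if any installer remains,
# so the check can gate a deployment or run from cron.
audit_webroot() {
    hits=$(find_leftover_installers "$1")
    if [ -n "$hits" ]; then
        printf 'installer still present:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# Constructed sample tree (not real data): "newsletter" still has the
# installer, "mailer" has had its install directory deleted.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/newsletter/install" "$root/mailer"
    : > "$root/newsletter/admin.php"
    : > "$root/newsletter/install/install1.php"
    : > "$root/mailer/admin.php"
    printf '%s\n' "$root"
}

# Usage: sh audit.sh /var/www   (path is an example)
if [ $# -ge 1 ]; then
    audit_webroot "$1"
fi
```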