Lucene search
SecurityvulnsSECURITYVULNS:DOC:16100HistoryFeb 18, 2007 - 12:00 a.m.
mAlbum v0.3 admin by default user/pass
2007-02-1800:00:00
vulners.com
43
-
mAlbum v0.3
admin by default user/pass -
By : sn0oPy
-
Risk : high
-
exploit :
at http://www.target.ma/malbum/index.php (when private images)
Login : login
Password : pass
after login, you can creat new admin account, delete it,…
Dork :
inurl:"malbum/"
- Default user/pass present here : …\malbum\photos\users.php
<?php
$users = $admins = array();
$users['dqsfg'] = array('PASSWORD' => 'sdfg');
$admins['login'] = array(
'PASSWORD' => 'pass',
'DELETE_PHOTO',
'COMMENT_PHOTO',
'COMMENT_ALBUM',
'MANAGE_USER',
'MANAGE_ADMIN',
);
?>
-
contact : [email protected]
-
greetz : [subzero], http://forums.avenir-geopolitique.net.
-
Reference : http://forums.avenir-geopolitique.net/viewtopic.php?t=2677