Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17103
HistoryMay 26, 2007 - 12:00 a.m.

Web Directory / Search Engine v2.0 Authentication Bypass/Database Download Vulne

2007-05-2600:00:00
vulners.com
22
JSON

–/ INTRODUCTION –

  • Advisory : Web Directory / Search Engine v2.0 Authentication
    Bypass/Database Download Vulnerability
  • Release Date : 25 / 05 / 2007
  • Application : Web Directory / Search Engine v2.0
  • Impact : Remote
  • Googledork : "Web Directory / Search Engine v2.0" ,
  •                  or"allinurl:TD_SourcesTblsrch.asp"
  • Author : Titanichacker(egy-virus)
  • Contact : [email protected]
  • Home page : http://Hack-Teach.org

–/ REPRODUCE –

Attackers Can Authentication Bypass In This Product By Add The Following

Files:
('/Database.mdb') And Download The Database Which Contains Table Named
[admin]
The admin Name And Password Inside

Examples :

http://www.salesfly.com/member2/webdirectory/Database.mdb

http://www.shubhshagun.com/directory/Database.mdb

http://www.celtichosting.com/webdirectory/Database.mdb

thanx

    cold-zero & mohandko & tryag team & hack-teach

www.Hack-Teach.com & mohandko.com & tryag.com

Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

JSON