Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:26030
HistoryMar 31, 2011 - 12:00 a.m.

"WESPA PHP Newsletter v3.0" Remote Admin Password Change With install path

2011-03-3100:00:00
vulners.com
15

#####################################################################################

"WESPA PHP Newsletter v3.0" Remote Admin Password Change With

install path

#####################################################################################

Author: alieye

class : remote

E-mail: [email protected]

greetz: C.S.Eye Security Team members

We Are: Alieye , Z0d14c , Bully13 , Stanly , Safety & All Iranian Hackers

Site : www.gcmt.vcp.ir , blog : www.cseye.blogfa.com

#####################################################################################

download : http://www.wespadigital.com/scripts/wespanewsletter/wespa_php_newsletter_v3.zip

Dork : intitle:"News list Administration panel" or "WESPA PHP Newsletter v3.0"

Example :

  1. Go to url : target.com/newsletter/admin.php

  2. Clean admin.php and Go to target.com/newsletter/install/install1.php

  3. Write new password for admin and click next stage

  4. finish install

  5. Go to url : target.com/newsletter/admin.php

  6. Login admin with new password

Date : 03/29/2011