Bugtraq mailing list archives
Flog 1.1.2 Remote Admin Password Disclosure
From: corrado.liotta () alice it
Date: 5 Jan 2007 18:45:09 -0000
-=[--------------------ADVISORY-------------------]=-
FLog 1.1.2
Author: CorryL [corryl80 () gmail com]
-=[-----------------------------------------------]=-

-=[+] Application: FLog
-=[+] Version: 1.1.2
-=[+] Vendor's URL: http://www.fluffington.com/index.php?page=flog
-=[+] Platform: Windows\Linux\Unix
-=[+] Bug type: Remote Admin Password Disclosure
-=[+] Exploitation: Remote
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: www.x0n3-h4ck.org
-=[+] Virtual Office: http://www.kasamba.com/CorryL
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck

..::[ Description ]::..

FLog is a simple yet powerful weblog script that doesn't require a database to run. Features include easy installation, comments, multiple users, links, categories, and full plugin and theme APIs.

..::[ Proof Of Concept ]::..

http://remote_server/data/users.0.dat

..::[ Disclosure Timeline ]::..

[07/01/2007] - Public disclosure
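
Added example, not part of the original advisory or of FLog: a log check that flags requests for the user data file named in the proof of concept and separates successful reads from refused ones. It assumes Combined Log Format access logs; matching any numeric index in users.N.dat is an assumption, and the sample log lines are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Combined Log Format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# The advisory names data/users.0.dat; accepting other indices is an assumption.
USER_FILE_RE = re.compile(r'(?:^|/)data/users\.\d+\.dat$', re.IGNORECASE)

def classify(line):
    """Return a finding dict for a request to the user data file, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Drop the query string, decode %xx escapes, collapse "./" and "../"
    # so obfuscated spellings of the same path are still recognised.
    raw_path = m.group("target").split("?", 1)[0]
    path = posixpath.normpath(unquote(raw_path))
    if not USER_FILE_RE.search(path):
        return None
    status = int(m.group("status"))
    # 200/206 means file content was served; anything else was only an attempt.
    verdict = "DISCLOSED" if status in (200, 206) else "PROBE"
    return {"host": m.group("host"), "time": m.group("time"),
            "path": path, "status": status, "verdict": verdict}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [07/Jan/2007:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [07/Jan/2007:10:02:13 +0000] "GET /data/users.0.dat HTTP/1.1" 200 214',
    '198.51.100.7 - - [07/Jan/2007:10:02:15 +0000] "GET /blog/./data/%75sers.0.dat?x=1 HTTP/1.1" 403 199',
    '203.0.113.5 - - [07/Jan/2007:10:03:00 +0000] "GET /data/users.0.dat.bak HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding["verdict"], finding["status"], finding["host"], finding["path"])
```

A DISCLOSED hit means the file was served to the client, so the credentials stored in it should be treated as exposed and rotated; PROBE hits show the path is being requested but was refused or absent.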