Full Disclosure mailing list archives
Re: Flog 1.1.2 Remote Admin Password Disclosure
From: "T Biehn" <tbiehn () gmail com>
Date: Fri, 5 Jan 2007 15:34:49 -0500
This isn't a password disclosure, it's a leak of password information. It's a password hash, you super hacker. On 1/5/07, corrado.liotta () alice it <corrado.liotta () alice it> wrote:
-=[--------------------ADVISORY-------------------]=- FLog 1.1.2 Author: CorryL [corryl80 () gmail com] -=[-----------------------------------------------]=- -=[+] Application: FLog -=[+] Version: 1.1.2 -=[+] Vendor's URL: http://www.fluffington.com/index.php?page=flog -=[+] Platform: Windows\Linux\Unix -=[+] Bug type: Remote Admin Password Disclosure -=[+] Exploitation: Remote -=[-] -=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~ -=[+] Reference: www.x0n3-h4ck.org -=[+] Virtual Office: http://www.kasamba.com/CorryL -=[+] Irc Chan: irc.darksin.net #x0n3-h4ck ..::[ Descriprion ]::.. FLog is a simple yet powerful weblog script that doesn't require a database to run. Features include easy installation, comments, multiple users, links, categories, and full plugin and theme APIs. ..::[ Proof Of Concept ]::.. http://remote_server/data/users.0.dat ..::[ Disclousure Timeline ]::.. [07/01/2007] - Public disclousure ************** Registrati ad Alice Basic e scarica Alice Messenger, il nuovo instant messenger che ti fa chattare GRATIS con i tuoi amici! Per maggiori informazioni vai su: http://adsl.alice.it/servizi/alicebasic.html?pmk=psmail_foot01 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Flog 1.1.2 Remote Admin Password Disclosure corrado.liotta (Jan 05)
- Re: Flog 1.1.2 Remote Admin Password Disclosure T Biehn (Jan 05)
- Re: Flog 1.1.2 Remote Admin Password Disclosure Valdis . Kletnieks (Jan 05)
- Re: Flog 1.1.2 Remote Admin Password Disclosure wac (Jan 07)
- Re: Flog 1.1.2 Remote Admin Password Disclosure endrazine (Jan 07)
- Re: Flog 1.1.2 Remote Admin Password Disclosure Valdis . Kletnieks (Jan 08)
- Re: Flog 1.1.2 Remote Admin Password Disclosure endrazine (Jan 08)
- Re: Flog 1.1.2 Remote Admin Password Disclosure endrazine (Jan 08)
- Message not available
- Fwd: Flog 1.1.2 Remote Admin Password Disclosure T Biehn (Jan 08)
- Re: Flog 1.1.2 Remote Admin Password Disclosure Valdis . Kletnieks (Jan 05)
- Re: Flog 1.1.2 Remote Admin Password Disclosure T Biehn (Jan 05)
- Re: Flog 1.1.2 Remote Admin Password Disclosure wac (Jan 15)