Full Disclosure mailing list archives

Re: Flog 1.1.2 Remote Admin Password Disclosure


From: "T Biehn" <tbiehn () gmail com>
Date: Fri, 5 Jan 2007 15:34:49 -0500

This isn't a password disclosure, it's a leak of password information.

It's a password hash, you super hacker.

On 1/5/07, corrado.liotta () alice it <corrado.liotta () alice it> wrote:


-=[--------------------ADVISORY-------------------]=-

                        FLog 1.1.2

  Author: CorryL    [corryl80 () gmail com]
-=[-----------------------------------------------]=-


-=[+] Application:    FLog
-=[+] Version:        1.1.2
-=[+] Vendor's URL:   http://www.fluffington.com/index.php?page=flog
-=[+] Platform:       Windows\Linux\Unix
-=[+] Bug type:       Remote Admin Password Disclosure
-=[+] Exploitation:   Remote
-=[-]
-=[+] Author:           CorryL  ~ corryl80[at]gmail[dot]com ~
-=[+] Reference:       www.x0n3-h4ck.org
-=[+] Virtual Office:  http://www.kasamba.com/CorryL
-=[+] Irc Chan:         irc.darksin.net #x0n3-h4ck


..::[ Descriprion ]::..

FLog is a simple yet powerful weblog script that doesn't require a
database to run.
Features include easy installation, comments, multiple users, links,
categories,
and full plugin and theme APIs.


..::[ Proof Of Concept ]::..

http://remote_server/data/users.0.dat



..::[ Disclousure Timeline ]::..


[07/01/2007] - Public disclousure

**************
Registrati ad Alice Basic e scarica Alice Messenger,
il nuovo instant messenger che ti fa chattare GRATIS con i tuoi amici!
Per maggiori informazioni vai su:
http://adsl.alice.it/servizi/alicebasic.html?pmk=psmail_foot01

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread: