Allmanage.pl Admin Password vulnerability (15 May 2000)
Another allmanage.pl vulnerability (see also allmanage.pl.txt)
Everybody can easily get the admin password from the allmanage directory. You are able to
set/change lots of variables, add accounts, mail users, backup, restore, edit header/footer code,
etc.
It's really easy to get:
- Find where allmanage.pl is located and replace allmanage.pl with K. For example:
allmanage/allmanage.pl will become allmanage/k. This file contains the admin password, not
encrypted.
- Go to allmanage_admin.pl instead of allmanage.pl and log in. You can use admin as the login name.
- Now you're in the main admin panel.
N.B. The login name is not always admin, but in most cases it is.
I tried this on 8 sites using allmanage.pl. 6 of them were vulnerable.
Other interesting files to request:
adp : Admin information and encrypted password
userfile.dat : All user information they entered requesting their account. (N.B. not always there)
settings.cfg : Config file, you can get the same information out of the admin panel.
This may also work on the version without the upload ability.
Bighawk, [email protected]
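For site operators, the requests described above leave a recognisable trace in the web server's access log. The following check is an added example, not part of the original advisory or of allmanage itself: it flags clients that successfully fetched one of the listed data files and notes whether the same client then requested allmanage_admin.pl. It assumes Common/Combined Log Format and an install directory literally named allmanage; the log lines are constructed sample data.

```python
import re
from collections import defaultdict

# Data files the advisory lists as readable from the allmanage directory.
SENSITIVE = {"k", "adp", "userfile.dat", "settings.cfg"}
ADMIN_SCRIPT = "allmanage_admin.pl"

# Common/Combined Log Format (assumed): client, request target, status code.
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/May/2000:10:00:01 +0000] "GET /cgi-bin/allmanage/k HTTP/1.0" 200 14',
    '192.0.2.10 - - [15/May/2000:10:00:09 +0000] "GET /cgi-bin/allmanage/allmanage_admin.pl HTTP/1.0" 200 2048',
    '198.51.100.7 - - [15/May/2000:10:02:00 +0000] "GET /cgi-bin/allmanage/settings.cfg HTTP/1.0" 403 210',
    '203.0.113.5 - - [15/May/2000:10:03:00 +0000] "GET /cgi-bin/allmanage/allmanage.pl HTTP/1.0" 200 5120',
    '203.0.113.9 - - [15/May/2000:10:04:00 +0000] "GET /cgi-bin/allmanage/userfile.dat HTTP/1.0" 200 900',
]

def audit(log_lines):
    """Return {client: {"leaked": [paths], "admin_after_leak": bool}}."""
    findings = defaultdict(lambda: {"leaked": [], "admin_after_leak": False})
    for line in log_lines:
        m = LINE.match(line)
        if not m:
            continue  # not a parsable request line
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        path = target.split("?", 1)[0]          # drop any query string
        directory, _, name = path.rpartition("/")
        # Only consider files directly inside a directory named allmanage.
        if directory.rsplit("/", 1)[-1].lower() != "allmanage":
            continue
        name = name.lower()                      # covers both "K" and "k"
        if name in SENSITIVE and status == 200:
            # The server actually served the data file to this client.
            findings[client]["leaked"].append(path)
        elif name == ADMIN_SCRIPT and client in findings:
            # Same client went on to the admin login after reading a data file.
            findings[client]["admin_after_leak"] = True
    return dict(findings)

if __name__ == "__main__":
    for client, info in audit(SAMPLE_LOG).items():
        print(client, info)
```

Any client reported here received a file that should never be served; a hit on k means the admin password should be treated as disclosed and changed once the data files are no longer reachable over HTTP.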