"Simple PHP Newsletter" Remote Admin Password Change With install path

2011-03-31T00:00:00
ID SECURITYVULNS:DOC:26031
Type securityvulns
Reporter Securityvulns
Modified 2011-03-31T00:00:00

Description

"Simple PHP Newsletter" Remote Admin Password Change With

install path

Author: alieye

class : remote

E-mail: cseye_ut@yahoo.com

greetz: C.S.Eye Security Team members

We Are: Alieye , Z0d14c , Bully13 , Stanly , Safety & All Iranian Hackers

Site : www.gcmt.vcp.ir , blog : www.cseye.blogfa.com

download : http://quirm.net/download/23/

Dork : intitle:"News list Administration panel" or "Simple PHP Newsletter"

Example :

  1. Go to url : target.com/newsletter/admin.php or target.com/mailer/admin.php

  2. Clean admin.php and Go to target.com/newsletter/install/install1.php or target.com/mailer/install/install1.php

  3. Write new password for admin and click next stage

  4. finish install

  5. Go to url : target.com/newsletter/admin.php or target.com/mailer/admin.php

  6. Login admin with new password