[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Hot Links download backup authorized vulnerabilities
From:       hack2prison () yahoo ! com
Date:       2006-11-15 5:26:06
Message-ID: 20061115052606.19911.qmail () securityfocus ! com
[Download RAW message or body]

Hot Links is web directory system provided by mrcgiguy.com contain PHP+MySQL version and Perl version and PHP withou MySQL. All version are vulnerabilities

If admin backup database will store on server and attacker can download without authorized:
http://[domain.ext]/[path]/dlback.php?dl=fullback

Contact vendor but no reply.
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic