[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Hot Links download backup authorized vulnerabilities (re-post
From:       hack2prison () yahoo ! com
Date:       2006-11-15 5:28:31
Message-ID: 20061115052831.20288.qmail () securityfocus ! com
[Download RAW message or body]

Hot Links is web directory system provided by mrcgiguy.com contain PHP+MySQL version and Perl version and PHP withou MySQL. All version are vulnerabilities

If admin backup database will store on server and attacker can download without authorized:
http://[domain.ext]/[path]/dlback.php?dl=fullback for PHP+MySQL ver. Perl is same above, you try it.

Contact vendor but no reply.
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic