[25511] in bugtraq


Another vulnerability in hosting controller

daemon@ATHENA.MIT.EDU (Bao Dai Nhan)
Mon May 20 14:46:05 2002

Date: 19 May 2002 10:10:50 -0000
Message-ID: <20020519101050.5131.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Bao Dai Nhan <baodainhan@fptnet.com>
To: bugtraq@securityfocus.com



1/ If the admin doesn't change or delete user AdvWebadmin, the
default password of this user is advcomm500349; you can
create your own account or use this account to hack the
server.
2/ A foolish vulnerability: I can view the hard disk by
using the file browse.asp in directory admin
www.victim.com/admin/browse.asp?FilePath=c:\&Opt=2&level=0

BAODAINHAN
baodainhan@fptnet.com
www.viethacker.net
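
Added example (not part of the original post, and not Hosting Controller's own code): a log check for the browse.asp issue described above, flagging requests whose FilePath falls outside the directory a customer is meant to browse. The IIS W3C field layout, the ALLOWED_ROOT value, the function names and the sample log lines are all assumptions constructed for illustration.

```python
import ntpath
from urllib.parse import parse_qs

# Constructed IIS W3C extended log lines (illustrative, not from the post).
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    r"2002-05-20 09:01:12 192.0.2.10 GET /admin/browse.asp FilePath=d:\webspace\site1\www&Opt=2&level=0 200",
    r"2002-05-20 09:02:40 192.0.2.77 GET /admin/browse.asp FilePath=c:\&Opt=2&level=0 200",
    "2002-05-20 09:03:05 192.0.2.77 GET /Admin/Browse.asp FilePath=c%3A%5Cwinnt&Opt=2&level=0 200",
    "2002-05-20 09:04:00 192.0.2.10 GET /default.asp - 200",
]

# Assumed per-customer directory; adjust to the real hosting layout.
ALLOWED_ROOT = r"d:\webspace\site1"


def inside_root(path, root=ALLOWED_ROOT):
    """True if the Windows path, once normalised, stays under root."""
    norm = ntpath.normcase(ntpath.normpath(path))
    base = ntpath.normcase(ntpath.normpath(root))
    return norm == base or norm.startswith(base + "\\")


def suspicious_browse_requests(lines, root=ALLOWED_ROOT):
    """Return (client_ip, decoded FilePath) for browse.asp hits outside root."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the records below
            continue
        if line.startswith("#") or not line.strip():
            continue
        rec = dict(zip(fields, line.split()))
        # IIS paths are case-insensitive, so compare the stem in lower case.
        if not rec.get("cs-uri-stem", "").lower().endswith("/admin/browse.asp"):
            continue
        # parse_qs also URL-decodes, so encoded paths are compared in clear.
        params = parse_qs(rec.get("cs-uri-query", ""), keep_blank_values=True)
        for key, values in params.items():
            if key.lower() != "filepath":
                continue
            hits += [(rec["c-ip"], v) for v in values if not inside_root(v, root)]
    return hits


if __name__ == "__main__":
    for ip, path in suspicious_browse_requests(SAMPLE_LOG):
        print(f"{ip} browsed outside {ALLOWED_ROOT}: {path}")
```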
