[VIM] phpjobboard Authecnical admin byPass (fwd)
security curmudgeon
jericho at attrition.org
Sat Jun 17 02:42:14 EDT 2006
ISS X-Force 26807
http://archives.neohapsis.com/archives/bugtraq/2006-05/0560.html
8 pages of Google show a single installation, and the very last hit is the
(now defunct?) vendor page:
http://phpjobboard.sourceforge.net/
[DIR] Parent Directory 18-Nov-2002 05:48 -
Apache/1.3.33 Server at phpjobboard.sourceforge.net Port 80
The one installation, http://www.moneyinstitute.com/phpjobboard/, doesn't
seem to be set up properly, as it shows an index listing. Kind of amusing,
the uploads directory has resumes in it. Requesting any of the three
subdirs in the modules/ directories gives path disclosures.
Following standard SourceForge hierarchy,
http://sourceforge.net/projects/phpjobboard works:
PHP Job Board Stats - Activity: 19.61% RSS
This project hopes to provide an open-source system that is similar to
Monster.com. Project goals are 1) VERY simple install, and minimal
requirements. This system will be support on any webserver platform that
can run PHP, and it will work with any dat
But, checking the 'files' available:
http://sourceforge.net/project/showfiles.php?group_id=61962
No File Packages Defined
This project has not yet created any file release packages.
The files *are* available via CVS though:
http://phpjobboard.cvs.sourceforge.net/phpjobboard/phpjobboard/html/
---------- Forwarded message ----------
From: alp_eren at ayyildiz.org
To: bugtraq at securityfocus.com
Date: 25 May 2006 08:00:46 -0000
Subject: phpjobboard Authecnical admin byPass
SOFTWARE
==========
phpjobboard
DESCRIPTION:
============
job board administration bypass, and edit or add to new job.
example
http://[target]/phpjobboard or your path/admin.php?menu=job&adminop=job-edit&id=[item id]
============================================
greets iskorpitx(best),thehacker,metlak,shadow,tugra and all AYYILDIZ member.
#####damn with pkk terrorism, damn with terrorist people!
==========================================