This isn't a password disclosure, it's a leak of password information.<br><br>It's a password hash, you super hacker.<br><br><div><span class="gmail_quote">On 1/5/07, <b class="gmail_sendername"><a href="mailto:corrado.liotta@alice.it">
corrado.liotta@alice.it</a></b> <<a href="mailto:corrado.liotta@alice.it">corrado.liotta@alice.it</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>
<br>
<p><font size="2">-=[--------------------ADVISORY-------------------]=-<br>
<br>
FLog 1.1.2 <br>
<br>
Author: CorryL [<a href="mailto:corryl80@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">corryl80@gmail.com</a>] <br>
-=[-----------------------------------------------]=-<br>
<br>
<br>
-=[+] Application: FLog<br>
-=[+] Version: 1.1.2<br>
-=[+] Vendor's URL: <a href="http://www.fluffington.com/index.php?page=flog" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.fluffington.com/index.php?page=flog</a><br>
-=[+] Platform: Windows\Linux\Unix<br>
-=[+] Bug type: Remote Admin Password Disclosure<br>
-=[+] Exploitation: Remote<br>
-=[-]<br>
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~<br>
-=[+] Reference: <a href="http://www.x0n3-h4ck.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">www.x0n3-h4ck.org</a><br>
-=[+] Virtual Office: <a href="http://www.kasamba.com/CorryL" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.kasamba.com/CorryL</a><br>
-=[+] Irc Chan: <a href="http://irc.darksin.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">irc.darksin.net</a> #x0n3-h4ck <br>
<br>
<br>
..::[ Descriprion ]::..<br>
<br>
FLog is a simple yet powerful weblog script that doesn't require a database to run.<br>
Features include easy installation, comments, multiple users, links, categories,<br>
and full plugin and theme APIs.<br>
<br>
<br>
..::[ Proof Of Concept ]::..<br>
<br>
<a href="http://remote_server/data/users.0.dat" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://remote_server/data/users.0.dat</a><br>
<br>
<br>
<br>
..::[ Disclousure Timeline ]::..<br>
<br>
<br>
[07/01/2007] - Public disclousure<br>
<br>
**************<br>
Registrati ad Alice Basic e scarica Alice Messenger,<br>
il nuovo instant messenger che ti fa chattare GRATIS con i tuoi amici!<br>
Per maggiori informazioni vai su:<br>
<a href="http://adsl.alice.it/servizi/alicebasic.html?pmk=psmail_foot01" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://adsl.alice.it/servizi/alicebasic.html?pmk=psmail_foot01</a></font>
</p>
</div>
<br>_______________________________________________<br>Full-Disclosure - We believe in it.<br>Charter: <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">
http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://secunia.com/" target="_blank">http://secunia.com/</a><br>
<br></blockquote></div><br>