WESPA PHP Newsletter version 3.0 suffers from a remote administrative password changing vulnerability when the install script is left in place.
8967ba02e7bee6dbbd12538c41fde3fc9096ae06d10335d62f3cf4e0d8d3794c
#####################################################################################
#### "WESPA PHP Newsletter v3.0" Remote Admin Password Change With ####
#### install path ####
#####################################################################################
# #
# Author: alieye #
# #
# class : remote #
# #
# E-mail: cseye_ut@yahoo.com #
# #
# greetz: C.S.Eye Security Team members #
# #
# We Are: Alieye , Z0d14c , Bully13 , Stanly , Safety & All Iranian Hackers #
# #
# Site : www.gcmt.vcp.ir , blog : www.cseye.blogfa.com #
#####################################################################################
download : http://www.wespadigital.com/scripts/wespanewsletter/wespa_php_newsletter_v3.zip
Dork : intitle:"News list Administration panel" or "WESPA PHP Newsletter v3.0"
Example :
1. Go to url : target.com/newsletter/admin.php
2. Clean admin.php and Go to target.com/newsletter/install/install1.php
3. Write new password for admin and click next stage
4. finish install
5. Go to url : target.com/newsletter/admin.php
5. Login admin with new password
Date : 03/29/2011