BugTraq
5 php scripts remote database password disclosure Jul 03 2006 07:42AM
gmdarkfig gmail com
#

# Title: 5 php scripts remote database password disclosure

# Date: Sun July 02 21:04 2006

# Credits: Security hole discovered by DarkFig (gmdarkfig (at) gmail (dot) com [email concealed])

# Problem: Database configuration is located in a .inc file(no protected by .htaccess file)

# Web: http://acid-root.new.fr

#

# VulnScr: Mp3netbox Beta 1

# Author: flymoon (at) users.sourceforge (dot) net [email concealed]

# Download: http://sourceforge.net/projects/mp3netbox

# Exploit: http://[...]/config.inc

# VulnScr: efone <= 20000723

# Author: brush (at) users.sourceforge (dot) net [email concealed]

# Download: http://sourceforge.net/projects/efone

# Exploit: http://[...]/config.inc

# VulnScr: Kamikaze-QSCM <= v0.1

# Author: ???@????.???

# Download: http://kamikaze-qscm.tigris.org/

# Exploit: http://[...]/config.inc

# VulnScr: Blueboy <= 1.0.3

# Author: mano (at) users.sourceforge (dot) net [email concealed]

# Download: http://sourceforge.net/projects/bb-news

# Exploit: http://[...]/bb_news_config.inc

# VulnScr: Foros V.1.0

# Author: eupla (at) users.sourceforge (dot) net [email concealed]

# Download: http://sourceforge.net/project/showfiles.php?group_id=14333&package_id=5
1342

# Exploit: http://[...]/inc/config.inc

#EOF

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus