Working Resources BadBlue Information Disclosure Vulnerability

An information disclosure vulnerability has been discovered in the 'soinfo.php' script. A remote attacker that runs this script may be able to obtain sensitive server information such as database passwords.

Information disclosed in this manner may aid an attacker in launching further attacks against the target system.

It should be noted that PHP must be enabled on a target BadBlue server, for this issue to be exploitable.


 

Privacy Statement
Copyright 2010, SecurityFocus