Bug: phpQuiz sensitive file (install.php) ( Ascii Version )

Search:
WLB2

phpQuiz sensitive file (install.php)

Published
Credit
Risk
2006.09.21
sn0oPy
Low
CWE
CVE
Local
Remote
N/A
CVE-2006-4865
No
Yes
 Dork: intitle:"phpQuiz" | " Développé par PhpQuiz v.1.0 " | "© PhpQuiz" |
inurl:"PhpQuiz"

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

* phpQuiz sensitive file (install.php without authentification) + Files containing interesting info (passwords for sql
db)

* By : sn0oPy

* Risk : low

* Site : http://phpquiz.com/

* Dork : intitle:"phpQuiz" | " Développé par PhpQuiz v.1.0 " | "© PhpQuiz" |
inurl:"PhpQuiz"

* exploit :

http://target.com/[phpquiz_path]/front/

replace by :

http://target.com/[phpquiz_path]/cfgphpquiz/install.php

* greetz : [subzero], Avg Team, Lhma9.

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version