IMOEL CMS Sql password discovery

2005.12.12

Credit: mehrtash mallahzadeh

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2005-4219

CWE: CWE-Other

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

IMOEL CMS 
has the weakness to download the plain text sql password in the setting.php file 
*/*************************************
	$setting['host']['username'] = 'sqlusername';
	$setting['host']['password'] = 'sqlpassword';

***************************************
so u can download the setting.php file & view the plain text password

as the default imoel cms set the administrator user name and password same as sql password
u can access the setting.php file from this url

http://[site]/include/setting.php

mehrtash mallahzadeh
ashiyane digital security team
www.ashiyane.com
www.ashiyane.net
greetz
behrooz_ice , actionspider , q7x, ehsan

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

IMOEL CMS Sql password discovery

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

IMOEL CMS Sql password discovery

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.