5 php scripts remote database password disclosure

2006.07.11
Risk: Medium
Local: No
Remote: Yes
CWE: N/A

# # Title: 5 php scripts remote database password disclosure # Date: Sun July 02 21:04 2006 # Credits: Security hole discovered by DarkFig (gmdarkfig (at) gmail (dot) com [email concealed]) # Problem: Database configuration is located in a .inc file(no protected by .htaccess file) # Web: http://acid-root.new.fr # # VulnScr: Mp3netbox Beta 1 # Author: flymoon (at) users.sourceforge (dot) net [email concealed] # Download: http://sourceforge.net/projects/mp3netbox # Exploit: http://[...]/config.inc # VulnScr: efone <= 20000723 # Author: brush (at) users.sourceforge (dot) net [email concealed] # Download: http://sourceforge.net/projects/efone # Exploit: http://[...]/config.inc # VulnScr: Kamikaze-QSCM <= v0.1 # Author: ???@????.??? # Download: http://kamikaze-qscm.tigris.org/ # Exploit: http://[...]/config.inc # VulnScr: Blueboy <= 1.0.3 # Author: mano (at) users.sourceforge (dot) net [email concealed] # Download: http://sourceforge.net/projects/bb-news # Exploit: http://[...]/bb_news_config.inc # VulnScr: Foros V.1.0 # Author: eupla (at) users.sourceforge (dot) net [email concealed] # Download: http://sourceforge.net/project/showfiles.php?group_id=14333&package_id=5 1342 # Exploit: http://[...]/inc/config.inc #EOF


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top