LeapFTP 2.5.7 (leapftp.ini) Password Disclosure Vulnerability

2010.01.28

Credit: Ghost Hacker

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Title : LeapFTP 2.5.7 (leapftp.ini) Password Disclosure Vulnerability
Author : Ghost Hacker
Blog : http://gh05th4ck.wordpress.com
Email : ghost-r00t@windowslive.com
Download Software : http://download.chip.eu/en/LeapFTP-2.7.5_35821.html
Version : 2.7.5
Tested on : Windows XP SP2
########################################################################
Vulnerability :
Open the file "leapftp.ini" in the following path
C: \ Program Files \ LeapFTP
Search for "History tag" , you will find in this format
[History]
h1=xxx.com:xxxx:&#127;yN~YzB&#8218;AEE&#8240;F}6z5&#8225;8&#8222;8&#1657;3{EFMHL&#8225;8
Each line is responsible for site
Copy and paste this line in the file leapftp.ini for the same program on another machine
And you'll find location data added to the program and can enter through the FTP.

Video of the explanation : http://www.mediafire.com/?2z0mdnwgnyn

./Gh05t_H4ck3r

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

LeapFTP 2.5.7 (leapftp.ini) Password Disclosure Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.