PHP-Fusion Information Disclosure

2018.05.17
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: 200

# Title: PHP-Fusion Information Disclosure # Date: 16/05/18 # Author: Nir Yehoshua # Software Link: https://www.php-fusion.co.uk/infusions/downloads/downloads.php # Version: All # Tested on: Windows 10 # PoC: https://github.com/niryehoshua/Projects/blob/master/PHP-Fusion_Information-Disclosure.py # The websites that tested: http://freguesia.espite.pt, http://tel-clan.net, http://k12online.info, http://trivillagerc.com, http://mech.net, http://www.online-keys.net, http://ti99ers.org, http://maps4u.lt/en and more... # Script output example: (tested on www.bucks8ball.com) PHP-Fusion Information-Disclosure by Nir Yehoshua Enter URL [http://url.com] > http://www.bucks8ball.com Vulnerable [*] Administrator username: Koopa [*] Group Members: Markt maria mezza lewis maria mezza lewis maria mezza lewis carl allum1 whatafcukinliberty whatafcukinliberty whatafcukinliberty big col carl allum1 Sledgehammer Koopa Hammer Koopa plodder ryan maria mezza lewis maria mezza lewis maria mezza lewis Hammer NitrousOxide Hammer smithy Hammer Hammer Knightrider Hammer Deano Hammer Deano Hammer Hammer Hammer MACABREKAYNE InTheMix chappers Hammer Hammer Deano Koopa


Vote for this issue:
77%
23%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top