Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13408
HistoryJul 04, 2006 - 12:00 a.m.

5 php scripts remote database password disclosure

2006-07-0400:00:00
vulners.com
30
JSON

Title: 5 php scripts remote database password disclosure

Date: Sun July 02 21:04 2006

Credits: Security hole discovered by DarkFig ([email protected])

Problem: Database configuration is located in a .inc file(no protected by .htaccess file)

Web: http://acid-root.new.fr

VulnScr: Mp3netbox Beta 1

Author: [email protected]

Download: http://sourceforge.net/projects/mp3netbox

Exploit: http://[…]/config.inc

VulnScr: efone <= 20000723

Author: [email protected]

Download: http://sourceforge.net/projects/efone

Exploit: http://[…]/config.inc

VulnScr: Kamikaze-QSCM <= v0.1

Author: ???@???.???

Download: http://kamikaze-qscm.tigris.org/

Exploit: http://[…]/config.inc

VulnScr: Blueboy <= 1.0.3

Author: [email protected]

Download: http://sourceforge.net/projects/bb-news

Exploit: http://[…]/bb_news_config.inc

VulnScr: Foros V.1.0

Author: [email protected]

Download: http://sourceforge.net/project/showfiles.php?group_id=14333&amp;package_id=51342

Exploit: http://[…]/inc/config.inc

#EOF

JSON