Related information Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) galleria <= 1.0 Remote File Inclusion Vulnerability [SA20936] Vincent LECLERCQ News Cross-Site Scripting and SQL Injection [SA20901] FineShop Cross-Site Scripting and SQL Injection [SA20884] MKPortal "ind" Local File Inclusion Vulnerability From:gmdarkfig_(at)_gmail.com <gmdarkfig_(at)_gmail.com> Date:04.07.2006Subject:5 php scripts remote database password disclosure# # Title: 5 php scripts remote database password disclosure # Date: Sun July 02 21:04 2006 # Credits: Security hole discovered by DarkFig (gmdarkfig@gmail.com) # Problem: Database configuration is located in a .inc file(no protected by .htaccess file) # Web: http://acid-root.new.fr # # VulnScr: Mp3netbox Beta 1 # Author: flymoon@users.sourceforge.net # Download: http://sourceforge.net/projects/mp3netbox # Exploit: http://[...]/config.inc # VulnScr: efone <= 20000723 # Author: brush@users.sourceforge.net # Download: http://sourceforge.net/projects/efone # Exploit: http://[...]/config.inc # VulnScr: Kamikaze-QSCM <= v0.1 # Author: ???@????.??? # Download: http://kamikaze-qscm.tigris.org/ # Exploit: http://[...]/config.inc # VulnScr: Blueboy <= 1.0.3 # Author: mano@users.sourceforge.net # Download: http://sourceforge.net/projects/bb-news # Exploit: http://[...]/bb_news_config.inc # VulnScr: Foros V.1.0 # Author: eupla@users.sourceforge.net # Download: http://sourceforge.net/project/showfiles.php?group_id=14333&package_id=51342 # Exploit: http://[...]/inc/config.inc #EOF
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
galleria <= 1.0 Remote File Inclusion Vulnerability
[SA20936] Vincent LECLERCQ News Cross-Site Scripting and SQL Injection
[SA20901] FineShop Cross-Site Scripting and SQL Injection
[SA20884] MKPortal "ind" Local File Inclusion Vulnerability
