5 php scripts remote database password disclosure

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: 5 php scripts remote database password disclosure
From: gmdarkfig@xxxxxxxxx
Date: 3 Jul 2006 07:42:29 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

#
#     Title: 5 php scripts remote database password disclosure
#      Date: Sun July 02 21:04 2006
#   Credits: Security hole discovered by DarkFig (gmdarkfig@xxxxxxxxx)
#   Problem: Database configuration is located in a .inc file(no protected by 
.htaccess file)
#       Web: http://acid-root.new.fr
#


#   VulnScr: Mp3netbox Beta 1
#    Author: flymoon@xxxxxxxxxxxxxxxxxxxxx
#  Download: http://sourceforge.net/projects/mp3netbox
#   Exploit: http://[...]/config.inc


#   VulnScr: efone <= 20000723
#    Author: brush@xxxxxxxxxxxxxxxxxxxxx
#  Download: http://sourceforge.net/projects/efone
#   Exploit: http://[...]/config.inc


#   VulnScr: Kamikaze-QSCM <= v0.1
#    Author: ???@????.???
#  Download: http://kamikaze-qscm.tigris.org/
#   Exploit: http://[...]/config.inc


#   VulnScr: Blueboy <= 1.0.3
#    Author: mano@xxxxxxxxxxxxxxxxxxxxx
#  Download: http://sourceforge.net/projects/bb-news
#   Exploit: http://[...]/bb_news_config.inc


#   VulnScr: Foros V.1.0
#    Author: eupla@xxxxxxxxxxxxxxxxxxxxx
#  Download: 
http://sourceforge.net/project/showfiles.php?group_id=14333&package_id=51342
#   Exploit: http://[...]/inc/config.inc


#EOF

Prev by Date: Excel 2000/XP/2003 Style 0day POC
Next by Date: Call For Papers - No cON Name 2006 Edition Spain
Previous by thread: Excel 2000/XP/2003 Style 0day POC
Next by thread: [ GLSA 200607-01 ] mpg123: Heap overflow
Index(es):
- Date
- Thread