logo Home

Untitled Document

Home > Archives Advisories > Articles


Untitled Document

Untitled Document

phpESP Access in dbase

Date: 2003-03-22

Author : subj - r2subj3ct@dwclan.org

Product : phpESP (php Easy Survey Package)
Version : 1.11
WebSite : http://acm.jhu.edu
Problem : Access in dbase


Description:
------------

In admin directory exist file phpEST.ini if we look this file we can see database dbpassword,
dblogin, dbhost, dbname and other private info.

phpESP.ini
==========

[...]

// database connection info
$ESPCONFIG['db_host'] = 'localhost';
$ESPCONFIG['db_user'] = 'phpesp';
$ESPCONFIG['db_pass'] = 'phpesp';
$ESPCONFIG['db_name'] = 'phpesp';

[...]

==========

Exploit:
--------

http://[somehost]/phpESP/admin/phpESP.ini



 

arrowSearch Advisories

arrowNewsletter

Free weekly Newsletter.

Please enter your email address here:
arrowReport Vulnerability

If you've found a vulnerability please
click here to report it.
arrowPartners

newsnow

About Us | Contact Us | Advertise | email | Backend flag
Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy