########################################## PHPRunner database credentials disclosure Vendor url:http://www.xlinesoft.com/phprunner/ Advisore:http://lostmon.blogspot.com/2006/11/ phprunner-database-credentials.html Vendor notify:yes exploit available:yes ########################################## Description: PHPRunner builds visually appealing web interface for any local or remote MySQL, MS Access, SQL Server and Oracle databases. Your web site visitors will be able to easily search, add, edit, delete and export data in your database. Advanced security options allow to build password-protected members only Web sites easily. PHPRunner is simple to learn so you can build your first project in just fifteen minutes. Vulnerability: PHPRunner contains a flaw that allow local users to view all credentials stored in PHPRunner for work. This flaw exist because the aplication store the database server, database names,users and passwords in plain text in a file located in windows folder. A local user could access directly to \windows\PHPRunner.ini and obtain all information. versions this prove is tested on version 3.1 solution: No solution was available at this time. Timeline: Discovered:21-10-2006 vendor notify:13-12-2006 vendor response:13-12-2006 disclosure:13-12-2006 example: Open c:\windows\PHPRunner.ini ######################## €nd ##################### Thnx to Estrella to be my ligth. -- atentamente: Lostmon (lostmon@gmail.com) Web-Blog: http://lostmon.blogspot.com/ -- La curiosidad es lo que hace mover la mente....