TightAuction 3.0 Config.INC Information Disclosure Vulnerability

ID EDB-ID:21893
Type exploitdb
Reporter frog
Modified 2002-10-02T00:00:00


TightAuction 3.0 Config.INC Information Disclosure Vulnerability. CVE-2002-1886. Webapps exploit for php platform

                                            source: http://www.securityfocus.com/bid/5850/info

TightAuction is prone to an information disclosure vulnerability. The configuration file (config.inc) contains sensitive information such as database authentication credentials. It is possible for remote attackers to retrieve this file via a web request, and since the file does not have the correct extension (.inc.php) the contents will be rendered in a web browser instead of interpreted.

print("Infos de la DataBase du site $victime : \n \n");
print("Login : $DB_Username \nPassword : $DB_Password \nServer :