Killer Protection 1.0 Information Disclosure Vulnerability

2002-10-07T00:00:00
ID EDB-ID:21912
Type exploitdb
Reporter frog
Modified 2002-10-07T00:00:00

Description

Killer Protection 1.0 Information Disclosure Vulnerability. CVE-2002-2335. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/5905/info

The Killer Protection PHP script is prone to an information-disclosure issue. Reportedly, unauthorized users can access sensitive user data by requesting the 'vars.inc' file in a malicious HTTP request.

Exploiting this issue may allow attackers to access sensitive usernames and passwords, which could be used in future attacks.


http://[target]/vars.inc

and

http://[target]/protection.php?mode=display&username=[LOGIN]&password=[PASSWORD]