SAFE TEAM Regulus 2.2 Custchoice.PHP Update Your Password Action Information Disclosure Vulnerability. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/11133/info Regulus is reported prone to an information disclosure vulnerability. It is reported that a specified user/customer password hash is contained in a hidden tag of the 'Update Your Password' action page. An attacker may employ data that is obtained in this manner to aid in further attacks launched against the vulnerable software. This vulnerability is reported to affect all versions of SAFE TEAM Regulus. http://example.com/base-dir/htmlcust/custchoice.php?lang=English&userid=<name>&action=To update your password Where '<name>' is the target username.