SAFE TEAM Regulus 2.2 Custchoice.PHP Update Your Password Action Information Disclosure Vulnerability

2004-09-07T00:00:00
ID EDB-ID:24582
Type exploitdb
Reporter masud_libra
Modified 2004-09-07T00:00:00

Description

SAFE TEAM Regulus 2.2 Custchoice.PHP Update Your Password Action Information Disclosure Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/11133/info

Regulus is reported prone to an information disclosure vulnerability. It is reported that a specified user/customer password hash is contained in a hidden tag of the 'Update Your Password' action page. 

An attacker may employ data that is obtained in this manner to aid in further attacks launched against the vulnerable software.

This vulnerability is reported to affect all versions of SAFE TEAM Regulus.

http://example.com/base-dir/htmlcust/custchoice.php?lang=English&userid=<name>&action=To update your password

Where '<name>' is the target username.