FlatFile system Remote Password Disclouse Vulnerability

vendor:

FlatFile

by:

ViRuSMaN

8,8

CVSS

HIGH

FlatFile system Remote Password Disclouse

N/A

CWE

Product Name: FlatFile

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: No

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

FlatFile system Remote Password Disclouse Vulnerability

A vulnerability in the FlatFile system allows an attacker to remotely disclose the password of the admin user. This is due to the fact that the userlist.txt file is publicly accessible and contains the password of the admin user before the admin name.

Mitigation:

The userlist.txt file should be removed or restricted from public access.

Source

Exploit-DB raw data:

==============================================================================
        [»] ~ Note : [ Tribute to the martyrs of Gaza . ]
==============================================================================
        [»] FlatFile system Remote Password Disclouse Vulnerability
==============================================================================

    [»] Script:             [ FlatFile ]
    [»] Language:           [ PHP ]
    [»] Download:           [ http://codewalkers.com/codefiles/269_flatfile_login.zip ]
    [»] Founder:            [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
    [»] Greetz to:          [ HackTeach Team , Egyptian Hackers , All My Friends & No-Exploit.com ]
    [»] My Home:            [ HackTeach.Org , Islam-Attack.Com ]

###########################################################################

===[ Exploit ]===

    [»] http://server/[path]/userlist.txt

 # The Password Before Admin Name in "userlist.txt"



Author: ViRuSMaN <-

###########################################################################