header-logo
Suggest Exploit
vendor:
Firestats
by:
Jelmer de Hen
5.5
CVSS
MEDIUM
Remote Configuration File Download
200
CWE
Product Name: Firestats
Affected Version From: 1.6.2005
Affected Version To: 1.6.2005
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2010

WordPress firestats remote configuration file download

A vulnerability in the Firestats plugin for Wordpress allows an attacker to download the configuration file, which contains sensitive information such as the database username and password.

Mitigation:

Update to the latest version of Firestats plugin and ensure proper access controls are in place for sensitive files.
Source

Exploit-DB raw data:

# Exploit Title: Wordpress firestats remote configuration file download

# Date: 2010-07-09
# Author: Jelmer de Hen
# Software Link: http://firestats.cc/
# Version: 1.6.5
# Tested on: PHP Do a simple GET request to this file:

/wp-content/plugins/firestats/php/tools/get_config.php

This will allow you to download a configuration file which contains the database username and password.
		 	   		  
http://h.ackack.net/more-0day-wordpress-security-leaks-in-firestats.html

Navigation

Suggest Exploit

Services By CQR