header-logo
Suggest Exploit
vendor:
Killer Protection PHP Script
by:
SecurityFocus
7.5
CVSS
HIGH
Information Disclosure
200
CWE
Product Name: Killer Protection PHP Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Killer Protection PHP Script Information Disclosure Vulnerability

The Killer Protection PHP script is prone to an information-disclosure issue. Reportedly, unauthorized users can access sensitive user data by requesting the 'vars.inc' file in a malicious HTTP request. Exploiting this issue may allow attackers to access sensitive usernames and passwords, which could be used in future attacks.

Mitigation:

Ensure that the 'vars.inc' file is not accessible to unauthorized users.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5905/info

The Killer Protection PHP script is prone to an information-disclosure issue. Reportedly, unauthorized users can access sensitive user data by requesting the 'vars.inc' file in a malicious HTTP request.

Exploiting this issue may allow attackers to access sensitive usernames and passwords, which could be used in future attacks.


http://[target]/vars.inc

and

http://[target]/protection.php?mode=display&username=[LOGIN]&password=[PASSWORD]

Navigation

Suggest Exploit

Services By CQR