Remote Config File Disclosure

vendor:

PollHelper

by:

ahmadbady

7.5

CVSS

HIGH

Remote Config File Disclosure

200

CWE

Product Name: PollHelper

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: No

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Remote Config File Disclosure

PollHelper is vulnerable to remote config file disclosure. An attacker can download the config file which contains the database username and password.

Mitigation:

Restrict access to the config file.

Source

Exploit-DB raw data:

  Remote Config File Disclosure
----------------------------------------------------
script: PollHelper
   
***************************************************************************
download from:http://www.freedville.com/oss/PollHelper.zip
   
***************************************************************************
vul:

www.site.com/path/poll.inc
...............................
  $dbhost = "";
  $dbusername = "";
  $dbuserpass = "";
  $default_dbname = ";
..............................
-------------------------------------------------
-------------------------------------------------  
*************************************************

Author: ahmadbady 

*************************************************

# milw0rm.com [2009-01-06]