phpcoin phpinfo information disclosure
vendor url:http://www.phpcoin.com/
vendor notified : yes exploit avaible:yes
advisore:http://lostmon.blogspot.com
/2005/03/phpcoin-phpinfo-information-disclosure.html
OSVDB ID:14257
#######################################
phpCOIN Is a free software package originally designed for web-hosting resellers to handle clients, orders,invoices,
notes and helpdesk,but no longer limited to hosting resellers.
In a default instalation phpcoin have a file called 'phpinfo.php'
any remote user can call this file and obtain relevant information
about configuration and the server.
versions afected :
1.2.0
1.2.1b
1.2.1
exploit:
http://[target]phpcoin_directory/phpinfo.php
solution :
For phpinfo: after phpcoin isntalation´s delete this file :)
atentamente:
Lostmon (lostmon@gmail.com)
Thnx to estrella to be my ligth
Thnx to all who belibed in me
--
La curiosidad es lo que hace mover la mente...