phpcoin phpinfo information disclosure

Monday, February 28, 2005
#######################################
phpcoin phpinfo information disclosure
vendor url:http://www.phpcoin.com/
vendor notified : yes exploit avaible:yes
advisore:http://lostmon.blogspot.com
/2005/03/phpcoin-phpinfo-information-disclosure.html
OSVDB ID:14257
#######################################

phpCOIN Is a free software package originally designed for web-hosting resellers to handle clients, orders,invoices,
notes and helpdesk,but no longer limited to hosting resellers.

In a default instalation phpcoin have a file called 'phpinfo.php'
any remote user can call this file and obtain relevant information
about configuration and the server.



versions afected :

1.2.0
1.2.1b
1.2.1

exploit:

http://[target]phpcoin_directory/phpinfo.php

solution :

For phpinfo: after phpcoin isntalation´s delete this file :)

atentamente:
Lostmon (lostmon@gmail.com)

Thnx to estrella to be my ligth
Thnx to all who belibed in me

--
La curiosidad es lo que hace mover la mente...
 

Browse

About:Me

My blog:http://lostmon.blogspot.com
Mail:Lostmon@gmail.com
Lostmon Google group
Lostmon@googlegroups.com

La curiosidad es lo que hace
mover la mente...