20 lines
No EOL
717 B
Text
20 lines
No EOL
717 B
Text
source: https://www.securityfocus.com/bid/8438/info
|
|
|
|
A vulnerability has been reported to exist in the DWebPro web server software. This problem allows an attacker to view database authentication credentials by accessing a plain text file named 'http.ini'.
|
|
|
|
An attacker will require read access to this file in order to steal sensitive authentication information that may be used in further attacks.
|
|
|
|
[MySQL]
|
|
CopyDataToHardDisk=0
|
|
DaemonPath=##DWEBPATH##\engine\mysql\bin\mysqld.exe
|
|
BaseDir=##DWEBPATH##\engine\mysql
|
|
BinDir=##DWEBPATH##\engine\mysql\bin
|
|
DataDir=##DWEBPATH##\engine\mysql\data
|
|
DestinationDir=##TEMP##\dweb
|
|
Overwrite=0
|
|
Port=3306
|
|
ShutDownOnExit=1
|
|
StartMySQL=1
|
|
CustomParams=
|
|
*Username=root*
|
|
*Password=root |