bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/50176.txt
Offensive Security 2bcb3e5c5e DB: 2021-08-05 
6 changes to exploits/shellcodes

WordPress Plugin WP Customize Login 1.1 - 'Change Logo Title' Stored Cross-Site Scripting (XSS)
qdPM 9.1 - Remote Code Execution (RCE) (Authenticated)
qdPM 9.2 - DB Connection String and Password Exposure (Unauthenticated)
Client Management System 1.1 - 'cname' Stored Cross-site scripting (XSS)
ApacheOfBiz 17.12.01 - Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments
2021-08-05 05:01:56 +00:00

9 lines
No EOL
523 B
Text
Raw Blame History

# Exploit Title: qdPM 9.2 - DB Connection String and Password Exposure (Unauthenticated)
# Date: 03/08/2021
# Exploit Author: Leon Trappett (thepcn3rd)
# Vendor Homepage: https://qdpm.net/
# Software Link: https://sourceforge.net/projects/qdpm/files/latest/download
# Version: 9.2
# Tested on: Ubuntu 20.04 Apache2 Server running PHP 7.4
The password and connection string for the database are stored in a yml file. To access the yml file you can go to http://<website>/core/config/databases.yml file and download.
Reference in a new issue View git blame Copy permalink