12 lines
No EOL
506 B
Text
12 lines
No EOL
506 B
Text
source: http://www.securityfocus.com/bid/5905/info
|
|
|
|
The Killer Protection PHP script is prone to an information-disclosure issue. Reportedly, unauthorized users can access sensitive user data by requesting the 'vars.inc' file in a malicious HTTP request.
|
|
|
|
Exploiting this issue may allow attackers to access sensitive usernames and passwords, which could be used in future attacks.
|
|
|
|
|
|
http://[target]/vars.inc
|
|
|
|
and
|
|
|
|
http://[target]/protection.php?mode=display&username=[LOGIN]&password=[PASSWORD] |