Advertisement






Pop Under Ads Network 1.0 MySQL Credential Disclosure

CVE Category Price Severity
CWE-16 Not specified High
Author Risk Exploitation Type Date
Not specified High Remote 2016-09-27
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.2125 0.9682

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2016090200

Below is a copy:

Pop Under Ads Network 1.0 MySQL Credential Disclosure| # Title     : pop under ads network v1.0 MySQL connection credentials Vulnerability
| # Author    : indoushka
| # email     : [email protected]
| # Tested on : windows 8.1 FranASSais V.(Pro)
| # Version   : 1.0
| # Vendor    : http://dl.20script.ir/script/ads/20S-pop-under-ads-network-v1.0[www.20script.ir].zip
========================================================================

Vulnerability description :

For a client program to be able to connect to the MySQL server, 
it must use the proper connection parameters, 
such as the name of the host where the server is running and 
the user name and password of your MySQL account. 
This file contains full/partial source code that contains 
a mysql_connect/mysql_pconnect function call that includes 
the MySQL connection credentials. This information 
is highly sensitive and should not be found on a production system.

poc :

1 - right click and open the page source .

2 - http://b.top4top.net/p_201kowq1.jpg

Greetz :----------------------------------------------------------------
                                                                       |
jericho * Larry W. Cashdollar * moncet-1 * achraf.tn                   |
                                                                       |
========================================================================


Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.