PHP-Board 1.0 - User Password Disclosure

EDB-ID:

22252


Author:

frog

Type:

webapps


Platform:

PHP

Date:

2003-02-15


source: https://www.securityfocus.com/bid/6862/info

php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain access to php-board user and administrative passwords.

http://www.example.com/user/[NICKNAME].txt