source: http://www.securityfocus.com/bid/11133/info Regulus is reported prone to an information disclosure vulnerability. It is reported that a specified user/customer password hash is contained in a hidden tag of the 'Update Your Password' action page. An attacker may employ data that is obtained in this manner to aid in further attacks launched against the vulnerable software. This vulnerability is reported to affect all versions of SAFE TEAM Regulus. http://example.com/base-dir/htmlcust/custchoice.php?lang=English&userid=<name>&action=To update your password Where '<name>' is the target username.
Related ExploitsTrying to match OSVDBs (1): 9821
Other Possible E-DB Search Terms: SAFE TEAM Regulus 2.2, SAFE TEAM Regulus
|2004-09-07||24581||SAFE TEAM Regulus 2.2 - Staffile Information Disclosure||masud_libra|
|2004-09-07||24583||SAFE TEAM Regulus 2.2 - Customer Statistics Information Disclosure||masud_libra|