CitrusDB 0.1/0.2/0.3 Credit Card Data - Remote Information Disclosure

EDB-ID:

25072

CVE:

2005-0229

EDB Verified:

Author:

Maximillian Dornseif

Type:

remote

Exploit: /

Platform:

Multiple

Date:

2005-01-31

Vulnerable App:

source: https://www.securityfocus.com/bid/12402/info

A remote information disclosure issue affects CitrusDB. This issue is due to a design problem that grants unauthorized users the ability to export sensitive data.

An attacker may leverage this issue to gain access to sensitive information including credit card data. 

[path to CitrusDB]/io/newfile.txt

where [path to CitrusDB] is the path relative to the web root.

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services