- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 24582
- Проверка EDB
-
- Пройдено
- Автор
- MASUD_LIBRA
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- null
- Дата публикации
- 2004-09-07
SAFE TEAM Regulus 2.2 - 'Custchoice.php' Update Your Password Action Information Disclosure
Код:
source: https://www.securityfocus.com/bid/11133/info
Regulus is reported prone to an information disclosure vulnerability. It is reported that a specified user/customer password hash is contained in a hidden tag of the 'Update Your Password' action page.
An attacker may employ data that is obtained in this manner to aid in further attacks launched against the vulnerable software.
This vulnerability is reported to affect all versions of SAFE TEAM Regulus.
http://example.com/base-dir/htmlcust/custchoice.php?lang=English&userid=<name>&action=To update your password
Where '<name>' is the target username.- Источник
- www.exploit-db.com
