LeapFTP 2.5.7 (leapftp.ini) Password Disclosure Vulnerability

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1051319 漏洞类型
发布时间 2010-01-28 更新时间 2010-01-28
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2010010117
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Title : LeapFTP 2.5.7 (leapftp.ini) Password Disclosure Vulnerability
Author : Ghost Hacker
Blog : http://gh05th4ck.wordpress.com
Email : ghost-r00t@windowslive.com
Download Software : http://download.chip.eu/en/LeapFTP-2.7.5_35821.html
Version : 2.7.5
Tested on : Windows XP SP2
########################################################################
Vulnerability :
Open the file "leapftp.ini" in the following path
C: \ Program Files \ LeapFTP
Search for "History tag" , you will find in this format
[History]
h1=xxx.com:xxxx:yN~YzB‚AEE‰F}6z5‡8„8ٹ3{EFMHL‡8
Each line is responsible for site
Copy and paste this line in the file leapftp.ini for the same program on another machine
And you'll find location data added to the program and can enter through the FTP.

Video of the explanation : http://www.mediafire.com/?2z0mdnwgnyn

./Gh05t_H4ck3r