EZ Publish 2.2.7/3.0 - site.ini Information Disclosure

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1053831 漏洞类型
发布时间 2003-04-15 更新时间 2003-04-15
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22488
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/7347/info

eZ Publish has been reported prone to sensitive information disclosure vulnerability.

An attacker may make a request for and download the underlying site.ini configuration file. The file contains eZ Publish administration credentials stored in plaintext format. Any HTTP requests for this file will reveal the contents of this file to remote attackers. 

http://[target]/settings/site.ini