Kaos news v0.9 lets remote users download the user database Found by: CyberTalon
1. Problem 2. Exploit 3. Info
1. Authors Panel script stores usernames and passwords along with other configurations in kaosnews.mdb, which is downloadable thru the web by remote users.
2. www.site.com/news/kaosnews.mdb
3. Vendor URL: www.webkaos.co.uk
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
