Vulnerabilities > CVE-2005-2229 - Information Disclosure vulnerability in Blog Torrent
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Blog Torrent 0.92 and earlier stores sensitive files under the web document root in the (1) data or (2) torrents directories with insufficient access control, which allows remote attackers to obtain sensitive information such as account names and password hashes, as demonstrated using data/newusers.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | BlogTorrent <= 0.92 Remote Password Disclosure Exploit. CVE-2005-2229. Webapps exploit for php platform |
id | EDB-ID:1097 |
last seen | 2016-01-31 |
modified | 2005-07-11 |
published | 2005-07-11 |
reporter | LazyCrs |
source | https://www.exploit-db.com/download/1097/ |
title | BlogTorrent <= 0.92 - Remote Password Disclosure Exploit |