CVE-2002-2335

Killer Protection 1.0 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-2335. PoCs published by frog.

AI-analyzed exploit summary The exploit describes an information disclosure vulnerability in the Killer Protection PHP script, where unauthorized access to 'vars.inc' or direct requests to 'protection.php' with credentials can leak sensitive data.

Description

Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protection.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by frog · textwebappsphp

https://www.exploit-db.com/exploits/21912

View Code ZIP pw:eip

The exploit describes an information disclosure vulnerability in the Killer Protection PHP script, where unauthorized access to 'vars.inc' or direct requests to 'protection.php' with credentials can leak sensitive data.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Killer Protection PHP script

No auth needed

Prerequisites: Access to the target web server

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/10315.php

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/5905

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://online.securityfocus.com/archive/1/294208

Scores

EPSS 0.0242

EPSS Percentile 82.0%

Details

CWE

CWE-16

Status published

Products (1)

john_drake/killer_protection 1.0

Published Dec 31, 2002

Tracked Since Feb 18, 2026