This exploit discloses administrative credentials by accessing a hardcoded file path (`userpwdadfasdfre.txt`) in the Adult Webmaster PHP application. The vulnerability arises from insecure file handling in `admin/common.php`, where credentials are stored in plaintext and accessible without authentication.
Classification
Working Poc 90%
Target:
Adult Webmaster PHP (version unspecified)
No auth needed
Prerequisites:
Network access to the target web server · Knowledge of the file path (`/home/caspers/public_html/demo/admin/userpwdadfasdfre.txt`)