This exploit describes an information disclosure vulnerability in PHPShop 0.6 where sensitive credentials (password and email) can be retrieved by downloading and inspecting the configuration file. No actual exploit code is provided.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:PHPShop Version 0.6
No auth needed
Prerequisites:Access to the target's /phpshop/etc/phpshop-dist.cfg file