The exploit describes an information leakage vulnerability in TomatoCart's backup functionality, where sensitive credentials (username and password) can be exposed in line 42 of the backup file. No functional exploit code is provided, but the technical detail about the location of the credentials is specific.
Classification
Writeup 80%
Target:
TomatoCart (Copyright (c) 2009 Wuxi Elootec Technology Co., Ltd; Copyright (c) 2005 osCommerce)
No auth needed
Prerequisites:
Access to the backup file via the admin/backups/ directory