CVE-2005-1136 - Athetosic Tank

Description

Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) config.txt files under the web document root which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files.

Reference

http://echo.or.id/adv/adv12-y3dips-2005.txt http://www.waraxe.us/ftopict-651.html http://marc.info/?l=bugtraq&m=111359320312609&w=2