Article: SubProfile Exploit
Written By: Xak
Written On: 07-24-02
Discovered By: JTM
This exploit is pretty easy once you have the needed information.
I think that this was a huge mistake on SubProfile's side, since
they left the directory and file world-readable. Once you read the
needed file, you can log in and do whatever you want. The password
is on the first line. People have attempted to 'lock' some passwords,
but I haven't seen any success.
URL: http://www.subprofile.net/v5jp8mb23ewu/USERNAME.txt
This appears to work for all of the SubProfile domains and subdomains.
As of around 11:30 PM Eastern Time, SubProfile has finally taken action
and placed protection on the directory.
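
Added example (not part of the original article and not SubProfile's code): a defensive audit for the misconfiguration described above, which flags per-user data files that are readable by everyone. It assumes "world readable" maps to POSIX permission bits and that profile data lives in .txt files; the directory names and file contents are constructed.

```python
import os
import stat
import tempfile

def audit_world_readable(root, suffixes=(".txt",)):
    """Return sorted relative paths of data files that "other" can read.

    A file counts as exposed when it has the other-read bit set and its
    directory has the other-execute bit set (so the path can be traversed).
    Directories above `root` are not checked.
    """
    exposed = []
    for dirpath, dirnames, filenames in os.walk(root):
        if not os.stat(dirpath).st_mode & stat.S_IXOTH:
            # Directory is closed to "other": nothing below it is reachable.
            dirnames[:] = []
            continue
        for name in filenames:
            if not name.lower().endswith(suffixes):
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
                exposed.append(os.path.relpath(path, root))
    return sorted(exposed)

def build_sample_tree():
    """Constructed sample: one exposed file and two protected ones."""
    root = tempfile.mkdtemp(prefix="profiles_")
    os.chmod(root, 0o755)
    cases = (("open", 0o755, 0o644),         # exposed
             ("closed_dir", 0o750, 0o644),   # directory blocks traversal
             ("closed_file", 0o755, 0o640))  # file blocks reading
    for dirname, dir_mode, file_mode in cases:
        d = os.path.join(root, dirname)
        os.mkdir(d)
        f = os.path.join(d, "USERNAME.txt")
        with open(f, "w") as fh:
            fh.write("placeholder-secret\nprofile text\n")
        os.chmod(f, file_mode)
        os.chmod(d, dir_mode)
    return root

if __name__ == "__main__":
    for rel in audit_world_readable(build_sample_tree()):
        print("world-readable:", rel)
```

Filesystem bits are only one layer: a file the web server account can read is still served to any visitor unless the server denies the directory or the data is kept outside the document root.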