[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [Full-disclosure] Vulnerabilities in WordPress Attack Scanner for WordPress
From: Henri Salo <henri () nerv ! fi>
Date: 2013-01-31 0:06:44
Message-ID: 20130131000644.GG21775 () kludge ! henri ! nerv ! fi
[Download RAW message or body]
On Wed, Jan 30, 2013 at 08:31:57PM +0200, MustLive wrote:
> Information Leakage (WASC-13):
>
> http://site/wp-content/plugins/path/data.txt
> http://site/wp-content/plugins/path/archive.txt
>
> Folder "path" can be WP-Attack-Scanner or WP-Attack-Scanner-Free.
>
> Unrestricted access to the data - they can be accessed in the browser
> without authorization. Even the data is encrypted, but by default the
> password is "changepassword". If the password was not changed, then the data
> is easily decrypting. If it was changed, then the password can be picked up.
What data is stored to those files?
--
Henri Salo
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic