[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] Vulnerabilities in WordPress Attack Scanner for WordPress
From:       Henri Salo <henri () nerv ! fi>
Date:       2013-01-31 0:06:44
Message-ID: 20130131000644.GG21775 () kludge ! henri ! nerv ! fi
[Download RAW message or body]

On Wed, Jan 30, 2013 at 08:31:57PM +0200, MustLive wrote:
> Information Leakage (WASC-13):
> 
> http://site/wp-content/plugins/path/data.txt
> http://site/wp-content/plugins/path/archive.txt
> 
> Folder "path" can be WP-Attack-Scanner or WP-Attack-Scanner-Free.
> 
> Unrestricted access to the data - they can be accessed in the browser 
> without authorization. Even the data is encrypted, but by default the 
> password is "changepassword". If the password was not changed, then the data 
> is easily decrypting. If it was changed, then the password can be picked up.

What data is stored to those files?

--
Henri Salo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]