Full Disclosure mailing list archives
Re: Vulnerabilities in WordPress Attack Scanner for WordPress
From: Henri Salo <henri () nerv fi>
Date: Thu, 31 Jan 2013 02:06:44 +0200
On Wed, Jan 30, 2013 at 08:31:57PM +0200, MustLive wrote:
> Information Leakage (WASC-13):
>
> http://site/wp-content/plugins/path/data.txt
> http://site/wp-content/plugins/path/archive.txt
>
> Folder "path" can be WP-Attack-Scanner or WP-Attack-Scanner-Free.
>
> Unrestricted access to the data - they can be accessed in the browser without authorization. Even though the data is encrypted, by default the password is "changepassword". If the password was not changed, then the data is easily decrypted. If it was changed, then the password can be picked up.
What data is stored to those files?

--
Henri Salo