Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Sitellite cms <= 4.2.12 RFI Vuln
From: lux () simian ca
Date: 19 Jun 2007 05:09:32 -0000

Sitellite requires .htaccess capabilities from Apache to configure its content server, so the .htaccess "deny from all" 
which we include in the PhpDocumentor folder effectively prevents this exploit for all Sitellite installations.

PhpDocumentor is only accessible in Sitellite on the command line for the purposes of generating API documentation.  
This has been the case since Sitellite 4.2.0-rc3.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]