Full Disclosure
mailing list archives
Re: Vulnerabilities in WordPress Attack Scanner for WordPress
From: Henri Salo <henri () nerv fi>
Date: Thu, 31 Jan 2013 02:06:44 +0200
On Wed, Jan 30, 2013 at 08:31:57PM +0200, MustLive wrote:
> Information Leakage (WASC-13):
>
> http://site/wp-content/plugins/path/data.txt
> http://site/wp-content/plugins/path/archive.txt
>
> Folder "path" can be WP-Attack-Scanner or WP-Attack-Scanner-Free.
>
> Unrestricted access to the data - they can be accessed in the browser
> without authorization. The data is encrypted, but by default the
> password is "changepassword". If the password was not changed, then the data
> is easily decrypted. If it was changed, then the password can be picked up.

What data is stored to those files?
--
Henri Salo
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/