PDA

Visualizza versione completa : PHP-Blogger Disclosure of Sensitive Information Security Issue


Giorgius
24-12-2004, 16.18.39
snilabs has reported a security issue in PHP-Blogger, which can be exploited by malicious people to disclose sensitive information.

The problem is that database files (.db) by default are stored inside the web root and are not correctly protected against being accessed directly on some server configurations. This can e.g. be exploited to disclose the admin password.

Leggi: http://secunia.com/advisories/13665/