[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PHP Advanced Transfer Manager Download users password hashes

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: PHP Advanced Transfer Manager Download users password hashes
From: jn@xxxxxx
Date: 13 Jun 2006 13:26:15 -0000

The phpatm support forum (currently down) advises administrators to put a 
.htaccess into the users directory with the following content:

# no one gets in here!
 order allow,deny
 deny from all

Furthermore the website recommends to rename the "users" directory and change 
the corresponding variable in the config-file.

These two things done, it is no longer possible to download the hashes.

Prev by Date: animesuki XSS
Next by Date: Windowsitpro.com - XSS with cookie disclosure
Previous by thread: animesuki XSS
Next by thread: Windowsitpro.com - XSS with cookie disclosure
Index(es):
- Date
- Thread