[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Minb Is Not A Blog default password directory

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Minb Is Not A Blog default password directory
From: Joseph.giron13@xxxxxxxxx
Date: 22 Jul 2007 10:25:17 -0000

Minb Is Not A Blog default password directory

http://sourceforge.net/projects/minb

Via looking in a default directory, any user can access the users.db file which 
contains the username and encrypted password of the person running the board. 

Try it for your self:

www.example.com/minb/db/users.db

The fix right now would be to place the db folder out of the web directory or 
to make an index for the db directory telling others to piss off. Something as 
easy as <?php header("location: ../index.php"); ?> should suffice.

Prev by Date: Webspell 4.x Local File Inclusion
Next by Date: Re: Internet Explorer 0day exploit
Previous by thread: Webspell 4.x Local File Inclusion
Next by thread: [security bulletin] HPSBST02243 SSRT071446 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-036 to MS07-041
Index(es):
- Date
- Thread