On Wed, Jan 30, 2013 at 08:31:57PM +0200, MustLive wrote: > Information Leakage (WASC-13): > > http://site/wp-content/plugins/path/data.txt > http://site/wp-content/plugins/path/archive.txt > > Folder "path" can be WP-Attack-Scanner or WP-Attack-Scanner-Free. > > Unrestricted access to the data - they can be accessed in the browser > without authorization. Even the data is encrypted, but by default the > password is "changepassword". If the password was not changed, then the data > is easily decrypting. If it was changed, then the password can be picked up.
What data is stored to those files? -- Henri Salo _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/