allintext:"fs-admin.php"

• SHDB
• 1749 阅读

• 日期：2011-01-09
• 类别：
  • Footholds
• 作者：anonymous
• 语法：allintext:"fs-admin.php"

• A foothold using allintext:"fs-admin.php" shows the world readable

  directories of a plug-in that enables WordPress to be used as a forum. Many

  of the results of the search also show error logs which give an attacker the

  server side paths including the home directory name. This name is often also

  used for the login to ftp and shell access, which exposes the system to

  attack. There is also an undisclosed flaw in version 1.3 of the software, as

  the author has mentioned in version 1.4 as a security fix, but does not tell

  us what it is that was patched.

  Author: DigiP