• 日期:2011-01-09
  • 类别:
  • 作者:anonymous
  • 语法:allintext:"fs-admin.php"
  • A foothold using allintext:"fs-admin.php" shows the world readable

    directories of a plug-in that enables WordPress to be used as a forum. Many

    of the results of the search also show error logs which give an attacker the

    server side paths including the home directory name. This name is often also

    used for the login to ftp and shell access, which exposes the system to

    attack. There is also an undisclosed flaw in version 1.3 of the software, as

    the author has mentioned in version 1.4 as a security fix, but does not tell

    us what it is that was patched.

    Author: DigiP