###################################################
PayProcart 3.x phpinfo disclosure
vendor url:http://www.profitcode.net/products/payprocart.html
vendor notified: yes exploit avaible: yes
original advisore:http://lostmon.blogspot.com/2005/04/
payprocart-profindcode-phpinfo.html
OSVDB ID:15422
Secunia: SA14832
###################################################
PayProcart installs a filed called phpinfos.php in the webroot folder
by default, this file calls phpinfo()
This reveals very intimate configuration data of the server running php:
http://[target]/path_to_store/phpinfos.php
solution:
delete this file or edit to established the correct access
thnx to estrella she is always in my mind
thnx to all who support me day at day
thnx to osvdb.org
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Data Mangle of: http://www.osvdb.org
La curiosidad es lo que hace mover la mente....
Subscribe to:
Posts (Atom)