Message-ID: <43B66833.6020200@yahoo.es>
Date: Sat, 31 Dec 2005 12:14:59 +0100
From: Rafael San Miguel Carrasco <smcsoc@...oo.es>
To: bugtraq@...urityfocus.com
Subject: Recruitment Software allows MySQL credentials disclosure



PRODUCT DESCRIPTION
Recruitment Software (http://www.recruitment-agency-software.com/) is a 
free full featured web-based recruitment agency software product. An 
easy to use back-end administration gives you full control over your 
recruitment job listings.
It has been checked that several institutions are relying on this 
software for their recruitment processes.

VULNERABILITY DESCRIPTION
Default installations allow anyone to read MySQL database credentials. 
The following URL shows an XML file with such information:
http://<server>/<root-dir>/admin/site.xml

WORKAROUND
Protect this resource with HTTP-based authentication.

Rafael San Miguel Carrasco
Security Consultant
www.rafaelsanmiguel.com
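
One way to apply the workaround above, added here as an example and not part of the original advisory or the vendor's documentation. It assumes the application is served by Apache httpd 2.4 with mod_auth_basic, mod_authn_file and mod_authz_user loaded; the install path, realm name and password-file path are hypothetical.

```apache
# Assumed layout (hypothetical): the application is installed under
# /var/www/recruitment, so the exposed file is
# /var/www/recruitment/admin/site.xml.
<Directory "/var/www/recruitment/admin">
    <Files "site.xml">
        # Require a valid login before the file is served.
        AuthType Basic
        AuthName "Recruitment admin"
        # Keep the password file outside the document root. Create it with:
        #   htpasswd -c /etc/apache2/recruitment.htpasswd <admin-user>
        AuthUserFile "/etc/apache2/recruitment.htpasswd"
        Require valid-user
    </Files>
</Directory>
# Basic authentication sends the password base64-encoded, not encrypted,
# so serve this virtual host over HTTPS.
```

After reloading the server, an unauthenticated request for admin/site.xml should return 401 instead of the XML file. Because the file was readable before the change, the MySQL password it contains should be changed as well.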


