| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <441AA132.4040001@proxiad.com> Date: Fri Mar 17 11:47:46 2006 From: j.grosjean at proxiad.com (Julien GROSJEAN - Proxiad) Subject: Simple Oscommerce Google inurl trick It returns a lot of things... :) Joshua Zukerman a ?crit : > A quick search didn't return anything on the Google Hacking Database. > Submit it here: http://johnny.ihackstuff.com/index.php?module=prodreviews > > On 3/6/06, Jodi Middleton <cs3jm@....liv.ac.uk> wrote: >> Simply google inurl trick for Oscommerce for open administrator page. >> If no .htpassword is set for the admin folder of osCommerce then of >> course you can change any setting in the shop unless password security >> has been enabled on the admin console. >> >> Search google for; >> inurl:"/admin/configuration. php?" Mystore >> >> Despite a few demo pages there are a few open admin pages for webshops. >> Simple patch if you are one is to place a .htpassword file in the root >> of the admin folder. >> >> -- J.R.Middleton >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
Powered by blists - more mailing lists