lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 31 Jan 2013 02:06:44 +0200
From: Henri Salo <>
To: MustLive <>
Subject: Re: Vulnerabilities in WordPress Attack Scanner
 for WordPress

On Wed, Jan 30, 2013 at 08:31:57PM +0200, MustLive wrote:
> Information Leakage (WASC-13):
> http://site/wp-content/plugins/path/data.txt
> http://site/wp-content/plugins/path/archive.txt
> Folder "path" can be WP-Attack-Scanner or WP-Attack-Scanner-Free.
> Unrestricted access to the data - they can be accessed in the browser 
> without authorization. Even the data is encrypted, but by default the 
> password is "changepassword". If the password was not changed, then the data 
> is easily decrypting. If it was changed, then the password can be picked up.

What data is stored to those files?

Henri Salo

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists