lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAM7p17OTLj1KkG8c_8VjSENcKWYrn_UFMxqGwcjpWODDnEHM9Q@mail.gmail.com>
Date: Fri, 12 Sep 2014 03:56:52 -0300
From: Fernando Mercês <nandu88@...il.com>
To: fulldisclosure@...lists.org
Subject: Re: [FD] Fwd: Security Access

It is funny they say "we secure your data" and use root/root as mysql
credentials. :D

Att,

Fernando Mercês
Linux Registered User #432779
www.mentebinaria.com.br
------------------------------------
"Ninguém pode ser escravo de sua identidade; quando surge uma possibilidade
de mudança é preciso mudar". (Elliot Gould)

On Fri, Sep 12, 2014 at 2:25 AM, Pedrov Jovovic <pedrov.jovovic@...il.com>
wrote:

> Hello This is my first post .
>
> Here are the details :
>
> Website : http://www.comguard.net/    - (Security Expoerts)
> I already sent them 2 emails and i didn't get a reply. The Security bug is
> really simple , i was able to get to this link
> http://www.comguard.net/include/  which lists all the files in the server.
> You can even download php files containing sensitive data including db
> password. Let me know if you need any additional details
>
> Regards
>
>
> ---------- Forwarded message ----------
> From: Fyodor <fyodor@...p.org>
> Date: Fri, Sep 12, 2014 at 1:12 AM
> Subject: Re: Security Access
> To: Pedrov Jovovic <pedrov.jovovic@...il.com>
>
>
> On Tue, Aug 19, 2014 at 9:36 PM, Pedrov Jovovic <pedrov.jovovic@...il.com>
> wrote:
>
> > Hello , i found a security issue in www.comguard.net. I already send
> them
> > 2 email and would like to disclose the information through your website
> is
> > that ok?
> >
>
> Yes, you can mail details to the fulldisclosure list.
>
> Cheers,
> Fyodor
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ