[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAM7p17OTLj1KkG8c_8VjSENcKWYrn_UFMxqGwcjpWODDnEHM9Q@mail.gmail.com>
Date: Fri, 12 Sep 2014 03:56:52 -0300
From: Fernando Mercês <nandu88@...il.com>
To: fulldisclosure@...lists.org
Subject: Re: [FD] Fwd: Security Access
It is funny they say "we secure your data" and use root/root as mysql
credentials. :D
Att,
Fernando Mercês
Linux Registered User #432779
www.mentebinaria.com.br
------------------------------------
"Ninguém pode ser escravo de sua identidade; quando surge uma possibilidade
de mudança é preciso mudar". (Elliot Gould)
On Fri, Sep 12, 2014 at 2:25 AM, Pedrov Jovovic <pedrov.jovovic@...il.com>
wrote:
> Hello This is my first post .
>
> Here are the details :
>
> Website : http://www.comguard.net/ - (Security Expoerts)
> I already sent them 2 emails and i didn't get a reply. The Security bug is
> really simple , i was able to get to this link
> http://www.comguard.net/include/ which lists all the files in the server.
> You can even download php files containing sensitive data including db
> password. Let me know if you need any additional details
>
> Regards
>
>
> ---------- Forwarded message ----------
> From: Fyodor <fyodor@...p.org>
> Date: Fri, Sep 12, 2014 at 1:12 AM
> Subject: Re: Security Access
> To: Pedrov Jovovic <pedrov.jovovic@...il.com>
>
>
> On Tue, Aug 19, 2014 at 9:36 PM, Pedrov Jovovic <pedrov.jovovic@...il.com>
> wrote:
>
> > Hello , i found a security issue in www.comguard.net. I already send
> them
> > 2 email and would like to disclose the information through your website
> is
> > that ok?
> >
>
> Yes, you can mail details to the fulldisclosure list.
>
> Cheers,
> Fyodor
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists