- Dayfox Blog Insecure Password Storage -
-= Dayfox Blog =-
Omnipresent
May 19, 2006
Insecure Password Storage
Dayfox Blog
http://www.hotscripts.com/Detailed/57720.html
An extremily simple blog php script, without the need for a MYSQL databse, run on TXT flat files.
Resource Specification
Platform(s): linux, windows, freebsd, osx, sun
Date Added: Mar 14, 2006
Last Updated: Mar 14, 2006
Author: Dayfox
The vulnerability in Dayfox Blog is Insecure Password Storage. The password are stored in a .txt file named slog_users.txt
and if an attacker use the simple browser can see all passwords.
Malicious people can go to this URL:
http://127.0.0.1/[path_of_Dayfo_Blog]/edit/slog_users.txt
and can see all Password!
Not informed!
omnipresent
[email protected]