Major security hole exposed!

www.sghackers.org down for weeks due to what I was told is hardware problem. But seems that the hardware problem is not the only problem cuz it exposed the site to a major security vulnerability!

The MIME types dunno what corrupted or what, but it is failing to render x-http-php file headers so browser not only dun understand the returned data, but server dun render the file content or recognise it.

So when server dun render a file especially scripted code, what happens? The server RETURNED THE ENTIRE FILE!

Ya, and since the site run WordPress, you hit wp-config.php and it return the whole file with DB username and password.

Super. Can access phpmyadmin WTF… and if UN/PW same, can also access email, cpanel login, ftp, etc etc.

Like this:

Be the first to like this post.

~ by benghacks on February 22, 2010.

Posted in HKEY_LOCAL_MACHINE

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

	SS8 Interceptor … on Mobile Secrets
	indonesiancoder.org … on indonesiancoder.org
	Jun Hao on SG Hackers
	milo on Mobile Secrets
	anon on Windows Vista Service Tweaks i…

M	T	W	T	F	S	S
« Dec				Mar »
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28

Beng Hacks