Full Disclosure mailing list archives

Re: Simple Oscommerce Google inurl trick


From: "Joshua Zukerman" <hawk82 () gmail com>
Date: Mon, 6 Mar 2006 19:22:44 -0500

A quick search didn't return anything on the Google Hacking Database.
Submit it here: http://johnny.ihackstuff.com/index.php?module=prodreviews

On 3/6/06, Jodi Middleton <cs3jm () csc liv ac uk> wrote:

Simple Google inurl trick for osCommerce for open administrator pages.
If no .htpassword is set for the admin folder of osCommerce, then of
course you can change any setting in the shop unless password security
has been enabled on the admin console.

Search Google for:
inurl:"/admin/configuration. php?" Mystore

Despite a few demo pages, there are a few open admin pages for webshops.
A simple patch, if you are one, is to place a .htpassword file in the root
of the admin folder.

-- J.R.Middleton
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
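
An added example, not part of either post: a shell check a shop operator can run on their own server to confirm the admin folder requires HTTP authentication. It assumes Apache, where the per-directory file is `.htaccess` and its `AuthUserFile` directive names the password file; the function names and the sample path in the last comment are illustrative.

```shell
#!/bin/sh
# Added example: audit an osCommerce-style admin directory on your own server.
# has_directive FILE NAME -> 0 if an uncommented directive NAME is present.
has_directive() {
    awk -v d="$2" 'tolower($1) == d { found = 1 } END { exit !found }' "$1"
}

# check_admin_auth DOCROOT [ADMIN_DIR]   (ADMIN_DIR defaults to "admin")
# 0 = HTTP auth configured, 1 = missing or weak, 2 = no admin directory.
check_admin_auth() {
    docroot=${1%/}
    admin=$docroot/${2:-admin}
    ht=$admin/.htaccess

    [ -d "$admin" ] || { echo "SKIP: no directory $admin"; return 2; }
    [ -f "$ht" ] || { echo "FAIL: $ht missing"; return 1; }

    for d in authtype authuserfile require; do
        has_directive "$ht" "$d" || { echo "FAIL: no $d directive in $ht"; return 1; }
    done

    # Password file path, with optional surrounding quotes stripped.
    pwfile=$(awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' "$ht")
    case $pwfile in
        /*) ;;
        *) echo "FAIL: AuthUserFile '$pwfile' is not an absolute path"; return 1 ;;
    esac
    [ -f "$pwfile" ] || { echo "FAIL: password file $pwfile does not exist"; return 1; }
    # A password file under the document root may itself be downloadable.
    case $pwfile in
        "$docroot"/*) echo "FAIL: $pwfile is inside the document root"; return 1 ;;
    esac

    echo "OK: $admin requires HTTP authentication"
    return 0
}

# Run directly (constructed sample path): sh check_admin_auth.sh /var/www/shop admin
if [ "$#" -gt 0 ]; then check_admin_auth "$@"; fi
```

Apache only honours these directives in `.htaccess` when the server configuration sets `AllowOverride AuthConfig` (or `All`) for that directory, so confirm with an unauthenticated request to your own admin URL that it answers 401.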
