Re: Fwd: Security Access

[Fernando Mercês <nandu88 () gmail com>]

It is funny they say "we secure your data" and use root/root as mysql
credentials. :D

Att,

Fernando Mercês
Linux Registered User #432779
www.mentebinaria.com.br
------------------------------------
"Ninguém pode ser escravo de sua identidade; quando surge uma possibilidade
de mudança é preciso mudar". (Elliot Gould)

On Fri, Sep 12, 2014 at 2:25 AM, Pedrov Jovovic <pedrov.jovovic () gmail com>
wrote:

> Hello This is my first post .
>
> Here are the details :
>
> Website : http://www.comguard.net/    - (Security Expoerts)
> I already sent them 2 emails and i didn't get a reply. The Security bug is
> really simple , i was able to get to this link
> http://www.comguard.net/include/  which lists all the files in the server.
> You can even download php files containing sensitive data including db
> password. Let me know if you need any additional details
>
> Regards
>
>
> ---------- Forwarded message ----------
> From: Fyodor <fyodor () nmap org>
> Date: Fri, Sep 12, 2014 at 1:12 AM
> Subject: Re: Security Access
> To: Pedrov Jovovic <pedrov.jovovic () gmail com>
>
>
> On Tue, Aug 19, 2014 at 9:36 PM, Pedrov Jovovic <pedrov.jovovic () gmail com>
> wrote:
>
> > Hello , i found a security issue in www.comguard.net. I already send
> them
> > 2 email and would like to disclose the information through your website
> is
> > that ok?
>
> Yes, you can mail details to the fulldisclosure list.
>
> Cheers,
> Fyodor
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/