WebApp Sec mailing list archives
RE: security of _notes dirs
From: Mailing List <maillist () freedomsoftware co uk>
Date: Wed, 14 Sep 2005 17:21:15 +0100
I've found something worse, a file called contribute.xml which contains a password. I'm going to have a look to see if I can find out how the password is stored and if it can be decrypted/broken in some way. here is an example of the bit of the file I'm interested in: <macromedia_dreamweaver_hub write_vers_major="3" read_vers_major="4" read_vers_minor="0"> <site_name value="my clients site"/> <revision_history_levels value="3"/> <admin_password value="8FB744BAAA1F1BBBE8CDACCCAECDDD2F"/> <admin_e_mail2 value="676F7AAA6F6E4BBB77616E6EBBBD6F72CCC6E2E63DDDD"/> A quick google for inurl:contribute.xml shows lots of these files around, I can't have just found a massive security failing can I? I must be missing something somewhere. Robin On Mon, 2005-09-12 at 10:14 -0700, michael acadia wrote:
You should also look for any folders named _mmServerScripts. The scripts in this folder are used by Dreamweaver to support database connections during development and should be removed from production sites. See http://www.macromedia.com/go/tn_19214 -Michael-------- Original Message -------- Subject: RE: security of _notes dirs From: "Griffiths, Ian" <Ian.Griffiths () liv-coll ac uk> Date: Mon, September 12, 2005 10:44 am To: "webapp" <webappsec () securityfocus com> If its written by humans then yes of course, passwords, clues about file structure, girlfriends phone number, whatever. -----Original Message----- From: Mailing List [mailto:maillist () freedomsoftware co uk] Sent: 12 September 2005 10:55 To: webapp Subject: security of _notes dirs Hi I've been looking through a site and found a load of _notes directories containing .mno files. I know that these are created by dreamweaver and can contain design notes. None of the files I've found in the directories on this server have contained anything that could affect security but is there the potential for them to contain interesting security info? Robin
Current thread:
- security of _notes dirs Mailing List (Sep 12)
- <Possible follow-ups>
- RE: security of _notes dirs Griffiths, Ian (Sep 12)
- RE: security of _notes dirs michael acadia (Sep 12)
- RE: security of _notes dirs Mailing List (Sep 14)
- Re: security of _notes dirs Michael Acadia (Sep 14)
- Re: security of _notes dirs Mailing List (Sep 15)
- Re: security of _notes dirs Greg (Sep 15)
- Re: security of _notes dirs Peter Conrad (Sep 15)
- Re: security of _notes dirs Mailing List (Sep 15)
- RE: security of _notes dirs Mailing List (Sep 14)