It's not a bug, it's seems to be a feature. Take a look closer, the files are fisically there. I think a simple unix command can solve that security issue: rm -fr *.php~
Best regards, bro wrote: > In Simple Machine Forum application version 1.1.10, > everybody can see some PHP files as like as index.php by any browsers > just added "~" symbol to end of filename. > examples: > http://vulnsite.com/path_of_SMF/index.php~ > http://vulnsite.com/path_of_SMF/ssi_examples.php~ > http://vulnsite.com/path_of_SMF/SSI.php~ > > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
