It is funny they say "we secure your data" and use root/root as mysql credentials. :D
Att, Fernando Mercês Linux Registered User #432779 www.mentebinaria.com.br ------------------------------------ "Ninguém pode ser escravo de sua identidade; quando surge uma possibilidade de mudança é preciso mudar". (Elliot Gould) On Fri, Sep 12, 2014 at 2:25 AM, Pedrov Jovovic <pedrov.jovo...@gmail.com> wrote: > Hello This is my first post . > > Here are the details : > > Website : http://www.comguard.net/ - (Security Expoerts) > I already sent them 2 emails and i didn't get a reply. The Security bug is > really simple , i was able to get to this link > http://www.comguard.net/include/ which lists all the files in the server. > You can even download php files containing sensitive data including db > password. Let me know if you need any additional details > > Regards > > > ---------- Forwarded message ---------- > From: Fyodor <fyo...@nmap.org> > Date: Fri, Sep 12, 2014 at 1:12 AM > Subject: Re: Security Access > To: Pedrov Jovovic <pedrov.jovo...@gmail.com> > > > On Tue, Aug 19, 2014 at 9:36 PM, Pedrov Jovovic <pedrov.jovo...@gmail.com> > wrote: > > > Hello , i found a security issue in www.comguard.net. I already send > them > > 2 email and would like to disclose the information through your website > is > > that ok? > > > > Yes, you can mail details to the fulldisclosure list. > > Cheers, > Fyodor > > _______________________________________________ > Sent through the Full Disclosure mailing list > http://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/