#226 Critical Information disclosure

0.7.0 and Prior
open-accepted
nabber00
Security (24)
7
2012-05-01
2010-08-15
nabber00
No

Critical file (config file) is vulnerable to direct access to view 'critical' information about the blog and the user when .htaccess is not processed.

http://[Url]/sphpblog/config/configuration.txt

Source: http://seclists.org/bugtraq/2005/Apr/232

Discussion

  • nabber00
    2010-08-15

    • status: open --> open-accepted
     
  • nabber00
    2011-11-29

    There really only seem to be two ways to fix this.

    1) Store an encryption key in a .php file, similar to password.php. This key is then used to encrypt/decrypt the plain text configuration file.
    2) Store the entire configuration as a valid .php file.

    Option 2 should be simpler. We can just wrap the text into a variable.

     
  • nabber00
    2011-12-13

    This is related to CVE-2005-1136

     
  • nabber00
    2012-05-01

    • milestone: --> 0.7.0 and Prior
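
Option 2 from the 2011-11-29 comment, as an added example that is not Simple PHP Blog's own code: the settings are stored as a PHP file that returns an array, so a direct request runs the file and prints nothing, whether or not .htaccess is processed. The function names, the `configuration.php` file name and the settings keys are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not Simple PHP Blog functions.

// Write settings as a PHP file that returns an array. Requested directly over
// HTTP, the file is executed rather than printed, and `return` emits no output.
function save_config(array $settings, string $path): void
{
    // var_export() escapes quotes and backslashes, so a value such as
    // "'; phpinfo(); //" stays data and cannot break out of the string literal.
    $body = "<?php\nreturn " . var_export($settings, true) . ";\n";

    // Temp file also ends in .php, so a leftover is never served as plain text.
    $tmp = dirname($path) . '/cfg-' . bin2hex(random_bytes(6)) . '.php';
    if (file_put_contents($tmp, $body, LOCK_EX) === false) {
        throw new RuntimeException("cannot write $tmp");
    }
    chmod($tmp, 0640);
    if (!rename($tmp, $path)) {   // atomic swap on the same filesystem
        unlink($tmp);
        throw new RuntimeException("cannot replace $path");
    }
}

function load_config(string $path): array
{
    $settings = include $path;
    if (!is_array($settings)) {
        throw new RuntimeException("$path did not return an array");
    }
    return $settings;
}

// Constructed sample values, including one that tries to inject code.
$path = sys_get_temp_dir() . '/configuration.php';
$sample = ['blog_title' => "Bob's blog", 'blog_email' => 'owner@example.org',
           'footer' => "'; phpinfo(); //"];
save_config($sample, $path);

// Simulate a direct request: executing the file must produce no output.
ob_start();
include $path;
$leaked = ob_get_clean();

var_dump($leaked === '');                  // nothing disclosed
var_dump(load_config($path) === $sample);  // values round-trip unchanged
unlink($path);
```

This only holds while the web server passes `.php` files to the interpreter; if the handler is disabled the source is served as text, just like the original file. The old `configuration.txt` also has to be deleted after migration, or it stays reachable at the same URL.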