Re: PHP Advanced Transfer Manager Download users password hashes

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: PHP Advanced Transfer Manager Download users password hashes
From: jn@xxxxxx
Date: 13 Jun 2006 13:26:15 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

The phpatm support forum (currently down) advises administrators to put a 
.htaccess into the users directory with the following content:

# no one gets in here!
 order allow,deny
 deny from all

Furthermore the website recommends to rename the "users" directory and change 
the corresponding variable in the config-file.

These two things done, it is no longer possible to download the hashes.

Prev by Date: animesuki XSS
Next by Date: Windowsitpro.com - XSS with cookie disclosure
Previous by thread: PHP Advanced Transfer Manager Download users password hashes
Next by thread: n8cms 1.1 & 1.2 version Sql İnjection And XSS
Index(es):
- Date
- Thread