Re: Re: [InterN0T] Geeklog 1.5 - Pre-Installation Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: [InterN0T] Geeklog 1.5 - Pre-Installation Vulnerabilities
From: peter@xxxxxxxxx
Date: 4 Jun 2009 21:53:59 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hi Dirk,

"
>-:: Solution ::-
>I didn't bother to find one, sorry.

A simple solution is to follow the installation instructions, which
strongly recommend removing the install script after a successful
install. There are also further checks and reminders about this built
into Geeklog.
"
You cant expect your users to do so, then the best way would be to force the 
webmaster to remove the install scripts before he can use the CMS.

Regards

Prev by Date: Re: [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication
Next by Date: [Security] XM Easy Personal FTP Server Multiple DoS vulnerabilities
Previous by thread: Re: [InterN0T] Geeklog 1.5 - Pre-Installation Vulnerabilities
Next by thread: [InterN0T] Flatnux 2009-03-27 - XSS Vulnerabilities + More
Index(es):
- Date
- Thread