Clientexec Billing Software
bugtraq_at_rloxy.com
Date: 10/12/04
- Previous message: Paul Szabo: "Eudora 6.2.0.7 attachment spoof"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 11 Oct 2004 20:03:16 -0500 To: bugtraq@securityfocus.com
Clientexec is a php billing software with a target audience of webhosts. By
default there is a file called phpinfo.php in the main clientexec directory.
This can be access by anyone with a web browser. I looked through the
documentation and didn't find any reference to it. I then checked several
different companies using this piece of software and all had it in the same
place. I contacted the vendor and he said he would fix it. I know this sounds
silly, but many people that use this software are not familar with issues like
these let alone know what the phpinfo() function does.
William
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
- Previous message: Paul Szabo: "Eudora 6.2.0.7 attachment spoof"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
