
Possible security breach/hole


garnet


If you have a .htaccess protection of the admin (most likely renamed) folder, looking at the server_info.php file from within your administration back-end will list your .htaccess user and password in plain text.

I don't know if this could be used in any malicious way, but you would be better off if you get rid of the server_info.php file.

Any more opinions welcome.

OSC beginner


The flaw in this logic is that if you have .htaccess protection and they can get to server_info.php and display it, that means they can get to every other file in the admin as well.

And just for "grins and giggles" mine shows the .htaccess username but NOT the password.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -
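The two observations in this thread (one install showing the .htaccess user and password, another showing only the username) can be checked on your own shop with the following added example, which is not code from the thread or from osCommerce. It assumes server_info.php renders standard phpinfo() tables and that you have saved its HTML output; the key names are standard PHP/Apache variable names rather than anything listed in the posts, and the sample rows are constructed.

```python
import re
from html import unescape

# Standard PHP/Apache names under which Basic-auth material can appear (assumed list).
PASSWORD_KEYS = {"PHP_AUTH_PW", "AUTHORIZATION", "HTTP_AUTHORIZATION",
                 "REDIRECT_HTTP_AUTHORIZATION"}
USERNAME_KEYS = {"PHP_AUTH_USER", "REMOTE_USER", "REDIRECT_REMOTE_USER"}

# One phpinfo() table row: <tr><td class="e">key</td><td class="v">value</td></tr>
ROW = re.compile(r'(<tr><td class="e">)(.*?)(\s*</td><td class="v">)(.*?)(\s*</td></tr>)', re.S)

def _text(raw):
    """Strip tags and HTML entities from a table cell."""
    return unescape(re.sub(r"<[^>]+>", "", raw)).strip()

def _name(raw_key):
    """Reduce $_SERVER['PHP_AUTH_PW'] or 'Authorization' to a bare upper-case name."""
    text = _text(raw_key)
    m = re.search(r"\[['\"]?([^'\"\]]+)['\"]?\]", text)
    return (m.group(1) if m else text).upper()

def audit(html):
    """Return the credential keys that are shown with a non-empty value."""
    found = {"password": set(), "username": set()}
    for m in ROW.finditer(html):
        name, value = _name(m.group(2)), _text(m.group(4))
        if value and value != "no value":
            if name in PASSWORD_KEYS:
                found["password"].add(name)
            elif name in USERNAME_KEYS:
                found["username"].add(name)
    return {kind: sorted(keys) for kind, keys in found.items()}

def redact(html):
    """Return the page with every credential-bearing value masked."""
    def mask(m):
        if _name(m.group(2)) in PASSWORD_KEYS | USERNAME_KEYS:
            return m.group(1) + m.group(2) + m.group(3) + "[redacted]" + m.group(5)
        return m.group(0)
    return ROW.sub(mask, html)

# Constructed sample rows in phpinfo() layout; every value is made up.
SAMPLE = (
    '<tr><td class="e">Authorization </td><td class="v">Basic ZXhhbXBsZTpleGFtcGxl </td></tr>\n'
    '<tr><td class="e">$_SERVER[\'PHP_AUTH_USER\']</td><td class="v">demo</td></tr>\n'
    '<tr><td class="e">$_SERVER[\'PHP_AUTH_PW\']</td><td class="v">demo-pass</td></tr>\n'
    '<tr><td class="e">$_SERVER[\'SERVER_NAME\']</td><td class="v">shop.example</td></tr>\n'
)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty "password" list with a non-empty "username" list corresponds to the second poster's case; any entry under "password" corresponds to the first.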

Archived

This topic is now archived and is closed to further replies.
