shopex. cn 3 source code download, leak of sensitive information vulnerability and the Fix-vulnerability warning-the black bar safety net

2010-12-16T00:00:00
ID MYHACK58:62201028585
Type myhack58
Reporter 佚名
Modified 2010-12-16T00:00:00

Description

Brief Description: can be URL Direct Download or view the Web App directory structure, source code, Subversion server address, permission to modify the program of the account and other information. Vulnerability to prove:<http://dev.shopex.cn/.svn/entries> <http://book.shopex.cn/.svn/entries> <http://jnc.saas-telcom.shopex.cn/.svn/entries> Solution: delete/filter all . svn directory, to restrict access . svn directory and this directory any file