Description - Sensitive Information Disclosure in Text Rider

Sensitive Information Disclosure found in Text Rider script.

Exploit: Available
Solution: Not available - check vendor's website

The data directory isn't protected by .htaccess in the default installation. This can be used to retrieve registered users' information, including logins and MD5 password hashes.

Cookie-based authentication is threatened.

To authenticate as administrator, cookies need to contain the following:

username=[admin user]password=[md5 hash]

The administrator can edit the "config.php" file and upload arbitrary files.

System access is possible.
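
The missing protection on the data directory can be checked on a local copy of an installation. The Python below is an added example, not part of the original advisory or of Text Rider: the directory name `data` comes from the advisory, while the function names, the sample file `users.txt` and the Apache deny rules it looks for (`Require all denied`, `Deny from all`) are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Directives that block all HTTP access (Apache 2.4 and 2.2 syntax).
DENY = re.compile(r"^\s*(require\s+all\s+denied|deny\s+from\s+all)\s*$", re.I)
# Directives that may re-open access; treated conservatively as defeating the deny rule.
ALLOW = re.compile(r"^\s*(require\s+all\s+granted|allow\s+from\s+\S+)", re.I)


def htaccess_denies_all(text):
    """True if the .htaccess text denies everyone and nothing re-allows access."""
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    has_deny = any(DENY.match(l) for l in lines)
    has_allow = any(ALLOW.match(l) for l in lines)
    return has_deny and not has_allow


def audit_data_dir(install_root, data_dir="data"):
    """Return (status, detail) for the data directory of a local installation."""
    data = Path(install_root) / data_dir
    if not data.is_dir():
        return ("missing", f"{data} does not exist")
    ht = data / ".htaccess"
    if not ht.is_file():
        return ("exposed", f"{ht} is absent; files are served if the directory is under the web root")
    if htaccess_denies_all(ht.read_text(errors="replace")):
        return ("protected", f"{ht} denies all requests")
    return ("exposed", f"{ht} exists but has no effective deny-all rule")


def demo():
    """Run the audit on a constructed installation tree, before and after the fix."""
    with tempfile.TemporaryDirectory() as root:
        data = Path(root) / "data"
        data.mkdir()
        (data / "users.txt").write_text("constructed sample record\n")  # hypothetical file name
        before = audit_data_dir(root)[0]
        (data / ".htaccess").write_text("# block direct downloads\nRequire all denied\n")
        after = audit_data_dir(root)[0]
        return before, after


if __name__ == "__main__":
    print(demo())
```

An .htaccess file only takes effect if the server's AllowOverride setting permits it, which this file check cannot confirm.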
