today i found some major security problem. the issue can be found at all integramod 1.4.x versions.
explanation of the issue:
all integramod versions do have a backup folder where the daily database backups are stored. the coders
of integramod forgott to secure this folder.
just head to the official page of integramod www.integramod.com. you are being redirected
to http://www.integramod.com/forum/ . now just head into the backup folder: http://www.integramod.com/forum/backup.
As you can see you have full access to all database backups!
-> www.pagename/installpath/backup/ directly leads to the database backups!
notice: some versions do have a index.html in the folder but it is easy to get the backups any way
bacause they are alway stored in the dame format:
greetings from germany
# milw0rm.com [2008-09-06]