[VIM] CVE-2008-0135
str0ke
str0ke at milw0rm.com
Mon Dec 29 05:15:50 UTC 2008
Anyone who installs the app pretty much has to read the Readme.htm file.
From the Readme.htm
*Change the database name:*
When using an Access database, all the data is stored in a single file,
unlike the other databases. So caution should be taken in where you
store your Access database as it can be downloaded by anyone if they
know the path.
If you store your Access database in a folder outside of your www folder
(or wherever you keep the files for the rest of your site), then you
should be safe because no one can download your database if it is
outside of your www folder.
If you store your database in a cgi-bin folder, or in your www folder,
then it is strongly recommended that you change the default database
name from *snitz_forums_2000.mdb* to a cryptic or not easy to guess
name. The name should be a combination of letters and numbers. That
makes it hard for anyone to guess the name of your database.
Example: *n92yr2fnis.mdb*
/str0ke
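
An audit of the placement advice quoted from the Readme, as an added example that is not part of the original post or of the Snitz Forums code: it lists every Access database found under a web root and flags the default name. The function names and the directory layout built in `demo()` are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

DEFAULT_NAME = "snitz_forums_2000.mdb"  # default name quoted from the Readme

def is_under(web_root, db_path):
    """True if db_path resolves to a location inside web_root."""
    root = Path(web_root).resolve()
    target = Path(db_path).resolve()
    return target == root or root in target.parents

def audit_web_root(web_root):
    """Return (relative_path, finding) for every .mdb file under web_root."""
    root = Path(web_root).resolve()
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".mdb"):
                continue
            rel = (Path(dirpath) / name).relative_to(root).as_posix()
            if name.lower() == DEFAULT_NAME:
                findings.append((rel, "default name inside web root"))
            else:
                findings.append((rel, "renamed, but still inside web root"))
    return sorted(findings)

def demo():
    """Build a constructed directory layout and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        www = Path(tmp, "www")
        for rel in ("forum/snitz_forums_2000.mdb", "cgi-bin/n92yr2fnis.mdb",
                    "forum/default.asp"):
            p = www / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.touch()
        outside = Path(tmp, "data", "forum.mdb")  # stored outside the www folder
        outside.parent.mkdir()
        outside.touch()
        return audit_web_root(www), is_under(www, outside)

if __name__ == "__main__":
    findings, outside_exposed = demo()
    for rel, finding in findings:
        print(f"{rel}: {finding}")
    print("database outside www is under the web root:", outside_exposed)
```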