Check it out: when You ('for example') have some 'troubles'* with Your database,
then 'me as a pentester' can get some 'usefull' information, when You have also installed phpBB. Idea is crazy but... it's just a talk, so ... ;)
Anyway, looks like this:
 |
| 'Idea'-info... |
... and we can do it like that:
Two (paranoid;)) scenarios:
- first: Your database (port) is ddosed/maybe crashed by some 'time limit'/to-many-connection-from-webapp-situations, and so on...
- second: database stopped in this or other way.
...and now: "plus" 'all above', if You have installed (default) phpBB 3.0.10,
You can get this information: "this maybe is default installed 'all'-server-soft"...
:) So, like I said, this 'could be' valuable information for tester, because now
he/she can 'hit' other "defaults", for example, with DirBuster, nmap, and so on.
How to repair that? Maybe quick-fix should be to remove 'adding' line about
where is .sock-file?
Let me know what do You think :)
Enjoy Your weekend!
o/
No comments:
Post a Comment
What do You think...?