Tuesday, January 17, 2012

Happy NY2012 - Directory Traversal

Shouts to all the people who tell me directory traversal / listing is NOT important.

Additional shouts to the people who tell me how their website "security" budget is cramped, yet they can do endless scans of their intranet, internal network and desktops for compliance, year on year! :)

################################################
# Website: www.mmasuperstore.com.au
# Date: 18.01.12
# Bug: Database PWNage
###############################################

If only you guys had invested a portion of the money you spent on design towards security, this day would not have arrived!


But, Enjoy while it lasts... Consider this to be more publicity :))


Directory Traversal Vuln - MMA Super Store


WP Config File - MMA Super Store

What you have to learn from this incident is to invest in security... as much as, or at least a portion of, your design budget. Test the website with QA & Security instead of designing eye candy and flashing banners with "affiliate" dollars in mind!

When you run an online store and sell merchandise, please provide the "level of security" promised in your privacy statement instead of keeping things ad hoc and designing a flashy website. The Internet is not a secure place; it was not designed with adequate security.

Directory traversal is often overlooked and websites don't get the attention they deserve. In 2012, that's a bad statistic!

Cheers,
Kish