A vulnerability in google has been released on
http://www.0x000000.com/index.php.
"A large hole has been found inside Google’s service: "the removal of
websites tool" Earlofgrey reported about it today. There was not much
info available, so I decided to check it out myself before it is
plugged. Apparently it is a simple directory that wasn’t protected, so
we can traverse up their directory root and browse folders. A study
gave me the impression this hole is unique, legit and not a honey pot.
Now it can happen the best of the best that a directory becomes
readable. But, one must never, ever, not in a million years, store your
database connection info in a folder that can be viewed remotely. Like
the www folder."
Quoting the author
"I found the following information in the folders:
# Database stuff
DBDriver = org.gjt.mm.mysql.Driver
DBUrl = jdbc:mysql://localhost/dbRemoveUrl
DBLogin = root
# put password in before the push
DBPassword = k00k00 "
If this is true today is going to suck for someone…
