Nowadays, more and more sites are dynamic web applications, driven by WordPress, Joomla, Drupal… or other free, open source CMS, as well as custom “closed source” CMS. All of them are more or less vulnerable. According to Sam Ransbotham, in “An Empirical Analysis of Exploitation Attempts based on Vulnerabilities in Open Source Software”, open source applications are more vulnerable than closed source ones.
The reason is that the architecture of an open source application is public knowledge: the names and locations of its config files, for instance, are known to everyone.
Recently, a friend of mine discovered a possible vulnerability in one of my WordPress sites. The vulnerability resulted from migrating the site to another server, which required editing wp-config.php to set up the database connection. Usually, this kind of change is made directly on the server. The most common server-side text editor is vim, which by default creates backup files. Consequently, after editing wp-config.php, the backup file wp-config.php~ was left behind. Because the web server does not treat it as PHP, it is served as a plain “text” file, revealing the database credentials to the outside world.
The solution is extremely simple: prevent access to the backup files.

<Files ~ "\.php~">
    Order allow,deny
    Deny from all
    Satisfy all
</Files>
Just in case, always include this directive in your .htaccess file.
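As an added example (my own script, not from the original post), here is a small POSIX shell audit that lists the leftover editor files a web root may be serving. The pattern list is my own assumption and goes beyond the .php~ case above: it also catches vim swap files, emacs autosaves and manual .bak/.orig/.save copies.

```shell
#!/bin/sh
# Added example, not from the original post: audit a web root for editor
# backup and swap files that the web server would otherwise serve as text.
# Assumes a POSIX shell with find(1); the list of name patterns is an
# assumption covering vim (~, .swp, .swo), emacs (#file#, .#file) and
# common manual copies (.bak, .orig, .save, .old).

# Print every regular file under $1 whose name looks like a backup,
# one path per line, sorted. Prints nothing when the tree is clean.
find_editor_leftovers() {
    docroot=$1
    find "$docroot" -type f \( \
        -name '*~' -o -name '*.swp' -o -name '*.swo' \
        -o -name '#*#' -o -name '.#*' \
        -o -name '*.bak' -o -name '*.orig' -o -name '*.save' -o -name '*.old' \
        \) 2>/dev/null | sort
}

# Number of leftover files under $1, as a bare integer.
count_editor_leftovers() {
    find_editor_leftovers "$1" | wc -l | tr -d ' '
}

# Usage: sh audit.sh /var/www/html
if [ -n "${1:-}" ]; then
    find_editor_leftovers "$1"
    echo "$(count_editor_leftovers "$1") leftover file(s) under $1"
fi
```

Note that the Files block above uses Apache 2.2 access-control syntax; on Apache 2.4 without mod_access_compat the Order/Deny/Satisfy directives are unknown (the .htaccess then produces a 500 error), and the equivalent body is `Require all denied`.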