setup-config.php Google exploit… how to avoid it?

  • I was using StumbleUpon and came upon an article about evil things to do with Google. One of the evil things that anyone could do with Google is very simple. It only involves typing a a short line of search content. The search results bring up the setup page where you choose the database and prefix for the database.

    I did the search and found that this actually works. You can get access to this page. I haven’t tried continuing the installation on any of the websites that came up but I’m sure I could have.

    Does anyone know how to avoid this exploit? I’ve already chmod’d setup-config.php and wp-config.php to 604. Is this enough?

Viewing 1 replies (of 1 total)

  • the old intitle, inurl thing? meh.

    setup-config.php : you can delete that file after you’ve successfully installed WP…

    wp-config.php: theres no output if that file is opened in a browser.

    thats not an exploit either, btw.

Viewing 1 replies (of 1 total)
  • The topic ‘setup-config.php Google exploit… how to avoid it?’ is closed to new replies.