Budgettravel.mu "root" directory

From: Ish Sookun <ish_at_hacklog.in>
Date: Tue, 7 Apr 2015 21:20:57 +0400

Dear Sir/Madam,

I visited budgettravel.mu[1] and found that the website has files &
directories in public view that could potentially harm the server and other
websites running on the same.

My finding also led to the discovery of an SQL[2] file containing IP and
email addresses that could be used to identify people. I am therefore
copying this email to the Data Protection Commissioner (I could not find
the office general enquiry email + online complaint form[3] isn't working).

Security-wise there is a directory named "hackinglogs" under budgettravel.mu
that contains several other files with content designed for phishing
scams[4].

I therefore flag this as a security vulnerability and privacy breach.

[1] http://hacklog.in/wp-content/uploads/2015/04/budgettravel-mu-files.jpg
[2] http://hacklog.in/wp-content/uploads/2015/04/budgettravel-mu-emails.jpg
[3] http://hacklog.in/wp-content/uploads/2015/04/dataprotection-complaint-error.jpg
[4] http://hacklog.in/wp-content/uploads/2015/04/budgettravel-mu-hackinglogs.jpg

Regards,

-- 
Ish Sookun
- Geek by birth, Linux by choice.
- I blog at HACKLOG.in.
https://twitter.com/IshSookun ^^ Do you tweet?
Received on Tue Apr 07 2015 - 17:21:18 PST
