Hard-coded credentials exposed
-
It's so commonplace it's not surprising enough to be a WTF anymore.
From redacted.com
public static String STR_FTP_SERVER_ADDRESS = "redacted";
public static String STR_FTP_USER = "redacted";
public static String STR_FTP_PASSWORD = "Redacted";
Yes, they do work. Someone popped an exploit on their FTP server then attempted to trojan my webserver: ftp://AlfaRichi:3KpWEwg%@redacted//bot.php
-
The scary thing is, he can't even fix it without either deleting the repository or the FTP account...
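A check for the two patterns seen in this thread, added here as an example and not part of any poster's message or the affected project's code: Java string constants whose names suggest credentials, and URLs that carry `user:password@` userinfo. The function name `scan`, the keyword list and the sample source are assumptions made for illustration.

```python
import re

# Java String field whose name suggests a credential and whose value is a
# string literal, e.g. `public static String STR_FTP_PASSWORD = "...";`
# The keyword list is an assumption; extend it for your own code base.
FIELD_RE = re.compile(
    r'\bString\s+(?P<name>\w*(?:PASSWORD|PASSWD|PWD|SECRET|TOKEN|USER)\w*)'
    r'\s*=\s*"(?P<value>(?:[^"\\]|\\.)*)"',
    re.IGNORECASE,
)
# URL carrying user:password@ userinfo, the form quoted in the first post.
URL_RE = re.compile(
    r'\b(?P<scheme>[a-z][a-z0-9+.-]*)://[^\s:/@]+:[^\s/@]+@', re.IGNORECASE
)


def scan(text):
    """Return (line_no, kind, identifier) findings; secret values are never returned."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in FIELD_RE.finditer(line):
            if m.group("value"):  # an empty literal is a placeholder, not a secret
                findings.append((no, "hardcoded-field", m.group("name")))
        for m in URL_RE.finditer(line):
            findings.append((no, "url-userinfo", m.group("scheme").lower()))
    return findings


# Constructed sample input (not taken from the repository discussed above).
SAMPLE = '''\
public class FtpConfig {
    public static String STR_FTP_SERVER_ADDRESS = "ftp.example.invalid";
    public static String STR_FTP_USER = "deploy";
    public static String STR_FTP_PASSWORD = "not-a-real-password";
    public static String STR_FTP_TOKEN = "";
    String endpoint = "ftp://deploy:not-a-real-password@ftp.example.invalid/upload";
}
'''

if __name__ == "__main__":
    for no, kind, ident in scan(SAMPLE):
        print(f"line {no}: {kind} ({ident})")
```

A hit in a file that has already been pushed means the credential is in the repository history, so the account's password needs rotating regardless of whether the line is later removed.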