On 3 October 2014 16:07:52 BST, Jim Giner <jim.giner@xxxxxxxxxxxxxxxxxx> wrote: >On 10/3/2014 11:04 AM, Richard wrote: >> >> >> There are a range of potential vectors, potentially including your >> php code, so I would suggest looking at the server (both the web >> server and system-level) logs to see if you can identify the >> source/manner. >> >> - Richard >> >> >I have no files with passwords stored in the web accessible tree. >Also, I have no idea what to look for in any logs. One possible (and likely vector) is tgurd-party plugins. For example, I had the same through a tinymce plugin vulnerability. Thanks, Ash -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
