Security Advisory: Log File Path Predictability in dasBlog Community Edition

dasBlog stores log files in known subdirectories of the blog site, e.g. or

With a default installation (as provided by the installation instructions) these files can be downloaded anonymously and can leak information about your site.

remove read ACLs for IUSR_MACHINENAME or remove anoymous and integrated authentication from the sub directory in IIS.


This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s