Bugtraq mailing list archives
Re: Netscape Web Publisher
From: nblasgen () NICK REFRACT COM (nblasgen () NICK REFRACT COM)
Date: Sun, 7 Nov 1999 23:17:54 -0800
Well, my version in C did not work out well, so here is the TCL version. Usage: ./netscape-test.tcl -i <host> or edit the file "check_hosts" add your own hosts to check in a list then.. ./netscape-test.tcl and it will check the entire list. Output is to STDIN... /Nicholas W. Blasgen Refract, LLC Attached is netscape-test.tar.gz On Sun, 7 Nov 1999, Tim Jones wrote:
This is not a HOLE. By default(I think)netscape -Enterprise/3.5.1I installs ALOT of shit that you will never need or use. But like most things people dont use people dont remove them. A major thing that netscape installs is Netscape Web Publisher. Which you can access VIA http. By default its /publisher/. Like on www.fbi.gov/publisher/ click on Start Web Publisher. Then after the java app load it will ask you for a Username and Password. Well just leave them blank and hit ENTER.. Now this is a bad idea because anyone could just brute force the User Name and password. Then after you do or dont enter a user name a password it will show you ALL files in the web dir. Now this is also a bad idea because some people leave like oh password lists,user names, cc info in the web dir. All of which you could access from the web if you had the info on were it was. So in short its a BAD idea to leave /publisher/ on netscape on. You should remove /publisher/. Most people dont give a shit like www.fbi.gov/publisher/ that you can look at all there files but there stupid so whatever.. I emailed netscape,fbi.gov about 2 weeks ago about this and I have got no reply.. So maybe they might fix it now. --flipz
<!-- attachment="netscape-test.tar.gz" --> <HR> <UL> <LI>APPLICATION/octet-stream attachment: netscape-test.tar.gz </UL>
Current thread:
- Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Blue Boar (Nov 05)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Marc Slemko (Nov 06)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Ben Laurie (Nov 06)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Stephen White (Nov 06)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Steven Champeon (Nov 07)
- Patch for VirusWall 3.23. dark spyrit (Nov 07)
- Netscape Web Publisher Tim Jones (Nov 06)
- Re: Netscape Web Publisher Mnemonix (Nov 07)
- Re: Netscape Web Publisher nblasgen () NICK REFRACT COM (Nov 07)
- vwxploit.c unix port Sebastian (Nov 08)
- Windows NT Spooler Service. Avri Schneider (Nov 07)
- [w00giving '99 #2] IMAIL POP server Shok (Nov 07)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Blue Boar (Nov 07)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Jefferson Ogata (Nov 08)
- MS Outlook alert : Cuartango Active Setup Elias Levy (Nov 08)
- BigIP - bigconf.cgi holes Guy Cohen (Jun 13)
- Re: MS Outlook alert : Cuartango Active Setup David LeBlanc (Nov 08)
- Re: MS Outlook alert : Cuartango Active Setup - Workaround Instructions Mark (Nov 08)
- Insecure handling of NetSol maintainer passwords jlewis () LEWIS ORG (Nov 08)
(Thread continues...)