Full Disclosure mailing list archives
WebEOC Vuln - more info
From: silentw <silentw () gmail com>
Date: Wed, 5 Apr 2006 15:25:48 +1000
Hi Guys,

Doing a pen test I have come up with a WebEOC server. There are a few vulns listed at:

http://secunia.com/advisories/16075/

Specifically I am interested in:

"6) Sensitive information is exposed in URIs, stored in publicly accessible configuration files, and in the HTML code returned to users.

7) A design error allows malicious users to access parts of the application that they should not have access to by directly specifying the URL."

However, I have been unable to find out what these files are called. Any information from people would be great.

ESi have a demo on their site, but it involves pretending to be interested in buying it and talking to their sales guys.. so I figured I would ask here first.

Cheers.

hf

--
parents will have to make sacrifices

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/