Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Netscape Web Publisher

From: nblasgen () NICK REFRACT COM (nblasgen () NICK REFRACT COM)
Date: Sun, 7 Nov 1999 23:17:54 -0800

Well, my version in C did not work out well, so here is the TCL version.

Usage:

  ./netscape-test.tcl -i <host>

or edit the file "check_hosts" add your own hosts to check in a list
then..

  ./netscape-test.tcl

and it will check the entire list.  Output is to STDIN...

/Nicholas W. Blasgen
Refract, LLC

Attached is netscape-test.tar.gz

On Sun, 7 Nov 1999, Tim Jones wrote:


   This is not a HOLE. By default(I think)netscape -Enterprise/3.5.1I installs ALOT of shit that you will never need 
or use. But like most things people dont use people dont remove them. A major thing that netscape installs is 
Netscape Web Publisher. Which you can access VIA http. By default its /publisher/. Like on www.fbi.gov/publisher/ 
click on Start Web Publisher. Then after the java app load it will ask you for a Username and Password. Well just 
leave them blank and hit ENTER.. Now this is a bad idea because anyone could just brute force the User Name and 
password. Then after you do or dont enter a user name a password it will show you ALL files in the web dir. Now this 
is also a bad idea because some people leave like oh password lists,user names, cc info in the web dir. All of which 
you could access from the web if you had the info on were it was. So in short its a BAD idea to leave /publisher/ on 
netscape on. You should remove /publisher/. Most people dont give a shit like www.fbi.gov/publisher/ that you can 
look at all there files but there stupid so whatever.. 

I emailed netscape,fbi.gov about 2 weeks ago about this and I have got no reply.. So maybe they might fix it now.

--flipz



<!-- attachment="netscape-test.tar.gz" -->
<HR>
<UL>
<LI>APPLICATION/octet-stream attachment: netscape-test.tar.gz
</UL>
Previous By Date Next
Previous By Thread Next

Current thread: