Penetration Testing mailing list archives
Re: [PEN-TEST] Cobalt Raq II - Unprotected Admin Pages
From: Gossi The Dog <gossi () OWNED LAB6 COM>
Date: Mon, 26 Mar 2001 01:00:47 +0100
On Sun, 25 Mar 2001, H D Moore wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On the topic of RAQ's, I thought I would throw this one out. On older
> RAQ installs (maybe new ones too, haven't checked), you can access a
> couple items in the administration interface without logging in:
>
> Current system load:
> /cgi-bin/.cobalt/cpuUsage/loadavg.cgi
>
> Legato Backup Server:
> /cgi-bin/.cobalt/networker/networker.cgi
>
> Telnet Usage:
> /cgi-bin/.cobalt/telnetUsage/telnetUsage.cgi
Yikes. This appears to indeed work on RaQ2's. It doesn't work on RaQ3's - there are correct .htaccess files in place, which require the admin password to access the relevant pages. Of course, that relies on the system administrator changing the admin password...

I don't have a RaQ4i to check this, however I'd presume it's patched there.

I'll forward this mail on to Cobalt (now owned by Sun Microsystems) security to make sure they actually know (since they've fixed the issue in later versions of the OS I'd presume so).

Gossi.
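The reply above attributes the RaQ3 fix to ".htaccess files in place" that require the admin password. The following is an added illustration of that kind of protection, written for this archive page; it is not Cobalt's shipped configuration, and the password file path and realm name are assumptions. Dropped into the `/cgi-bin/.cobalt/` directory, it makes Apache demand credentials for every CGI beneath it, including the three scripts listed in the quoted message:

```apache
# Added example, not Cobalt's own file. Assumed location:
#   /cgi-bin/.cobalt/.htaccess
# Every request below this directory (cpuUsage/, networker/,
# telnetUsage/, ...) must present valid HTTP Basic credentials.
AuthType Basic
AuthName "Cobalt Administration"
# Assumed path; keep this file outside any web-served directory.
AuthUserFile /home/.cobalt/admin.passwd
Require valid-user
```

Two caveats a practitioner would check: Apache only honours the file if the enclosing `<Directory>` block allows it (`AllowOverride AuthConfig` at minimum), otherwise the .htaccess is silently ignored and the CGIs stay open; and, as the reply notes, Basic auth is only as good as the password behind it, so the default admin credential has to be changed. A quick self-test against your own host is a `HEAD` request for `/cgi-bin/.cobalt/cpuUsage/loadavg.cgi`, which should come back `401 Authorization Required` rather than `200 OK`.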
Current thread:
- [PEN-TEST] Finding Web Admin Pages Julian Niemeyer (Mar 25)
- Re: [PEN-TEST] Finding Web Admin Pages Fyodor (Mar 25)
- Re: [PEN-TEST] Finding Web Admin Pages H D Moore (Mar 25)
- Re: [PEN-TEST] Finding Web Admin Pages Gossi The Dog (Mar 25)
- [PEN-TEST] Cobalt Raq II - Unprotected Admin Pages H D Moore (Mar 25)
- Re: [PEN-TEST] Cobalt Raq II - Unprotected Admin Pages Gossi The Dog (Mar 25)
- [PEN-TEST] Cobalt Raq II - Unprotected Admin Pages H D Moore (Mar 25)
- <Possible follow-ups>
- Re: [PEN-TEST] Finding Web Admin Pages Yonatan Bokovza (Mar 25)