Vulnerability Development mailing list archives
Idiocy "exploit"
From: emperor () SQUONK NET (Roy Wilson)
Date: Wed, 1 Dec 1999 08:02:40 -0500
I don't know if this is really suitable for this list, it's
more of a "pay attention to what you're doing, dummy" "exploit.
I was cruising a .GOV site the other day with GetRight in
Browse mode (an enhanced FTP client, it appears), while walking a
client through the directories he needed to traverse to find the file
he wanted (a database).
We were getting different file counts - his Netscape would show
7 files, GR on my end would show 28.
After about two hours of messing around trying to find out what
was going on, we finally found it.
He had Netscape set to the default "Mozilla@" for anon login
password. If I set GR to any email address other than the one I was
using the first time around, I only saw the seven files as well.
The other 21 files were the raw data the cgi script used to
build sorted db's for HTML display.
The email address that showed all data?
fraud () irs gov
Being the curious person that I am, I started hitting state
level sites as well as federal. About a third of them showed more
files with the fraud@ than with mozilla@.
Current thread:
- Idiocy "exploit" Roy Wilson (Dec 01)
- Re: Idiocy "exploit" Blue Boar (Dec 01)
- Re: Idiocy "exploit" Joel Eriksson (Dec 03)
- Owning privileged processes under UnixWare Tellier, Brock (Dec 06)
- Re: Owning privileged processes under UnixWare Elias Levy (Dec 06)
- Re: Owning privileged processes under UnixWare Blue Boar (Dec 07)
- rpcclient 2.0.5a crashed services.exe Blue Boar (Dec 13)
- Wireless LANs ? Sebastian Andersson (Dec 14)
- [Fwd: rpcclient 2.0.5a crashed services.exe] Blue Boar (Dec 15)
- BSD chfn bug Pavol Luptak (Dec 20)
- Re: BSD chfn bug Przemyslaw Frasunek (Dec 21)
- Re: Idiocy "exploit" Blue Boar (Dec 01)