Vulnerability Development mailing list archives
Re: Idiocy "exploit"
From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Wed, 1 Dec 1999 21:37:44 -0800
Roy Wilson wrote:
I was cruising a .GOV site the other day with GetRight in
Browse mode (an enhanced FTP client, it appears), while walking a
client through the directories he needed to traverse to find the file
he wanted (a database).
We were getting different file counts - his Netscape would show
7 files, GR on my end would show 28.
After about two hours of messing around trying to find out what
was going on, we finally found it.
He had Netscape set to the default "Mozilla@" for anon login
password. If I set GR to any email address other than the one I was
using the first time around, I only saw the seven files as well.
The other 21 files were the raw data the cgi script used to
build sorted db's for HTML display.
The email address that showed all data?
fraud () irs gov
Being the curious person that I am, I started hitting state
level sites as well as federal. About a third of them showed more
files with the fraud@ than with mozilla@.
Any idea which FTP server package this is, or what options cause this
behavior? Care to share the name of one of the sites?
BB
Current thread:
- Idiocy "exploit" Roy Wilson (Dec 01)
- Re: Idiocy "exploit" Blue Boar (Dec 01)
- Re: Idiocy "exploit" Joel Eriksson (Dec 03)
- Owning privileged processes under UnixWare Tellier, Brock (Dec 06)
- Re: Owning privileged processes under UnixWare Elias Levy (Dec 06)
- Re: Owning privileged processes under UnixWare Blue Boar (Dec 07)
- rpcclient 2.0.5a crashed services.exe Blue Boar (Dec 13)
- Wireless LANs ? Sebastian Andersson (Dec 14)
- [Fwd: rpcclient 2.0.5a crashed services.exe] Blue Boar (Dec 15)
- BSD chfn bug Pavol Luptak (Dec 20)
- Re: BSD chfn bug Przemyslaw Frasunek (Dec 21)
- Re: BSD chfn bug Warner Losh (Dec 21)
- Re: Idiocy "exploit" Blue Boar (Dec 01)