Message-ID: <ae859a330604042225v2c42d6bck7c0a5441abc9b639@mail.gmail.com>
Date: Wed Apr 5 06:25:57 2006
From: silentw at gmail.com (silentw)
Subject: WebEOC Vuln - more info

Hi Guys,

Doing a pen test I have come up with a WebEOC server. There are a few
vulns listed at:

http://secunia.com/advisories/16075/

Specifically, I am interested in:

"6) Sensitive information is exposed in URIs, stored in publicly
accessible configuration files, and in the HTML code returned to
users.

7) A design error allows malicious users to access parts of the
application that they should not have access to by directly specifying
the URL."

However, I have been unable to find out what these files are called.
Any information from people would be great. ESi have a demo on their
site, but it involves pretending to be interested in buying it and
talking to their sales guys.. so I figured I would ask here first.

Cheers.
hf
--
parents will have to make sacrifices