[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] WebEOC Vuln - more info

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] WebEOC Vuln - more info
From: silentw <silentw@xxxxxxxxx>
Date: Wed, 5 Apr 2006 15:25:48 +1000

Hi Guys,

 Doing a pen test I have come up with a WebEOC server. There are a few
vulns listed at:

http://secunia.com/advisories/16075/

specifically I am interested in :

"6) Sensitive information is exposed in URIs, stored in publicly
accessible configuration files, and in the HTML code returned to
users.

7) A design error allows malicious users to access parts of the
application that they should not have access to by directly specifying
the URL."

however I have been unable to find out what these files are called.
Any information from people would be great. ESi have a demo on their
site, but it involves pretending to be interested in buying it and
talking to their sales guys.. so I figured I would ask here first.

Cheers.
hf

--
parents will have to make sacrifices

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [Updated] [FLSA-2006:186277] Updated sendmail packages fix security issue
Next by Date: [Full-disclosure] [SECURITY] [DSA 1018-2] New Linux kernel 2.4.27 packages fix several vulnerabilities
Previous by thread: [Full-disclosure] [Updated] [FLSA-2006:186277] Updated sendmail packages fix security issue
Next by thread: [Full-disclosure] [SECURITY] [DSA 1018-2] New Linux kernel 2.4.27 packages fix several vulnerabilities
Index(es):
- Date
- Thread