[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] In ur server-status
- To: Todd Troxell <ttroxell@xxxxxxxxxx>
- Subject: Re: [Full-disclosure] In ur server-status
- From: Alessandro Fiorenzi <a.fiorenzi@xxxxxxxxxxxx>
- Date: Mon, 23 Jul 2007 13:21:16 +0200
Well I find is more serious to find /server-info availabable on one of
thats,
you could rebuild some important information on the apache
configuration, modules, directives, etc..
Alessandro Fiorenzi
On Sat, 2007-07-21 at 22:53 -0500, Todd Troxell wrote:
> Noticing lots of admins tend to forget about /server-status, I typed at
> random:
>
> http://www.cnn.com/server-status
> http://www.webshots.com/server-status
> http://www.download.com/server-status
> http://slashdot.org/server-status
>
> I am sure there are ten billion others. In some cases this is worse than
> someone grabbing your access log.
>
------------------------------------------------------------------------------------
INFOGROUP S.P.A http://www.infogroup.it
Gruppo Banca CR Firenze
http://www.carifirenze.it
------------------------------------------------------------------------------------
Dott. Fiorenzi Alessandro
Security Project & Management
Consulente Tecnico Trib. Firenze - Sicurezza Informatica -
Albo consulenti ed esperti CCIAA Firenze
Socio CLUSIT, ALSI
Member of IEEE Computer Society
Tel : +390554365742
CE : +393356414477
@Email : a.fiorenzi@xxxxxxxxxxxx
@Email : Security.Management@xxxxxxxxxxxx
PGP Key: http://www.infogroup.it/ds/fiorenzi.asc
------------------------------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/