Exploit-Dev Archives: Re: Idiocy "exploit"


Subject: Re: Idiocy "exploit"
From: Blue Boar (BlueBoar@THIEVCO.COM)
Date: Wed Dec 01 1999 - 23:37:44 CST


Roy Wilson wrote:
>
> I was cruising a .GOV site the other day with GetRight in
> Browse mode (an enhanced FTP client, it appears), while walking a
> client through the directories he needed to traverse to find the file
> he wanted (a database).
>
> We were getting different file counts - his Netscape would show
> 7 files, GR on my end would show 28.
>
> After about two hours of messing around trying to find out what
> was going on, we finally found it.
>
> He had Netscape set to the default "Mozilla" for anon login
> password. If I set GR to any email address other than the one I was
> using the first time around, I only saw the seven files as well.
>
> The other 21 files were the raw data the cgi script used to
> build sorted db's for HTML display.
>
> The email address that showed all data?
>
> fraud@irs.gov
>
> Being the curious person that I am, I started hitting state
> level sites as well as federal. About a third of them showed more
> files with the fraud than with mozilla.

Any idea which FTP server package this is, or what options cause this
behavior? Care to share the name of one of the sites?

                                                BB



This archive was generated by hypermail 2b27 : Thu Dec 02 1999 - 09:09:27 CST