Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

WebEOC Vuln - more info
From: silentw <silentw () gmail com>
Date: Wed, 5 Apr 2006 15:25:48 +1000

Hi Guys,

 Doing a pen test I have come up with a WebEOC server. There are a few
vulns listed at:

http://secunia.com/advisories/16075/

specifically I am interested in :

"6) Sensitive information is exposed in URIs, stored in publicly
accessible configuration files, and in the HTML code returned to
users.

7) A design error allows malicious users to access parts of the
application that they should not have access to by directly specifying
the URL."

however I have been unable to find out what these files are called.
Any information from people would be great. ESi have a demo on their
site, but it involves pretending to be interested in buying it and
talking to their sales guys.. so I figured I would ask here first.

Cheers.
hf

--
parents will have to make sacrifices

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • WebEOC Vuln - more info silentw (Apr 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault