WebEOC Vuln - more info
From: silentw <silentw () gmail com>
Date: Wed, 5 Apr 2006 15:25:48 +1000
Doing a pen test I have come up with a WebEOC server. There are a few
vulns listed at:
Specifically, I am interested in:
"6) Sensitive information is exposed in URIs, stored in publicly
accessible configuration files, and in the HTML code returned to
7) A design error allows malicious users to access parts of the
application that they should not have access to by directly specifying
However, I have been unable to find out what these files are called.
Any information from people would be great. ESi have a demo on their
site, but it involves pretending to be interested in buying it and
talking to their sales guys.. so I figured I would ask here first.
parents will have to make sacrifices
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/