Full Disclosure: Re: Sonicwall license servers down .. all customers affected

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Sonicwall license servers down .. all customers affected

From: Michael Holstein <michael.holstein () csuohio edu>
Date: Wed, 03 Dec 2008 09:28:44 -0500

https://licensemanager.sonicwall.com/newui/admin/admin.jsp

thats hilarious - it MUST be a kind of honeypot :P


I think they threw up a new licensemanager server without reviewing the 
config .. it allows directory enumeration on a lot of pages (including 
the root).

This one is interesting :

https://licensemanager.sonicwall.com/js/ClientValidationMethods.js

Seems remote debug is on as well :

https://licensemanager.sonicwall.com/mf/fwregister_done.jsp

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Sonicwall license servers down .. all customers affected IT Security (Dec 02)
- Re: Sonicwall license servers down .. all customers affected Rob Thompson (Dec 02)
  - Re: Sonicwall license servers down .. all customers affected pUm (Dec 03)
    - Re: Sonicwall license servers down .. all customers affected Michael Holstein (Dec 03)