Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12090
HistoryApr 05, 2006 - 12:00 a.m.

[Full-disclosure] WebEOC Vuln - more info

2006-04-0500:00:00
vulners.com
8
JSON

Hi Guys,

Doing a pen test I have come up with a WebEOC server. There are a few
vulns listed at:

http://secunia.com/advisories/16075/

specifically I am interested in :

"6) Sensitive information is exposed in URIs, stored in publicly
accessible configuration files, and in the HTML code returned to
users.

7) A design error allows malicious users to access parts of the
application that they should not have access to by directly specifying
the URL."

however I have been unable to find out what these files are called.
Any information from people would be great. ESi have a demo on their
site, but it involves pretending to be interested in buying it and
talking to their sales guys… so I figured I would ask here first.

Cheers.
hf


parents will have to make sacrifices

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

JSON