Hi Guys,
Doing a pen test I have come up with a WebEOC server. There are a few
vulns listed at:
http://secunia.com/advisories/16075/
specifically I am interested in :
"6) Sensitive information is exposed in URIs, stored in publicly
accessible configuration files, and in the HTML code returned to
users.
7) A design error allows malicious users to access parts of the
application that they should not have access to by directly specifying
the URL."
however I have been unable to find out what these files are called.
Any information from people would be great. ESi have a demo on their
site, but it involves pretending to be interested in buying it and
talking to their sales guys… so I figured I would ask here first.
Cheers.
hf
–
parents will have to make sacrifices
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/