Bugtraq mailing list archives
Netscape Web Publisher
From: cybersysop813 () HOTMAIL COM (Tim Jones)
Date: Sun, 7 Nov 1999 03:01:28 -0000
This is not a HOLE. By default(I think)netscape -Enterprise/3.5.1I installs ALOT of shit that you will never need or use. But like most things people dont use people dont remove them. A major thing that netscape installs is Netscape Web Publisher. Which you can access VIA http. By default its /publisher/. Like on www.fbi.gov/publisher/ click on Start Web Publisher. Then after the java app load it will ask you for a Username and Password. Well just leave them blank and hit ENTER.. Now this is a bad idea because anyone could just brute force the User Name and password. Then after you do or dont enter a user name a password it will show you ALL files in the web dir. Now this is also a bad idea because some people leave like oh password lists,user names, cc info in the web dir. All of which you could access from the web if you had the info on were it was. So in short its a BAD idea to leave /publisher/ on netscape on. You should remove /publisher/. Most people dont give a shit like www.fbi.gov/publisher/ that you can look at all there files but there stupid so whatever.. I emailed netscape,fbi.gov about 2 weeks ago about this and I have got no reply.. So maybe they might fix it now. --flipz
Current thread:
- Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Blue Boar (Nov 05)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Marc Slemko (Nov 06)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Ben Laurie (Nov 06)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Stephen White (Nov 06)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Steven Champeon (Nov 07)
- Patch for VirusWall 3.23. dark spyrit (Nov 07)
- Netscape Web Publisher Tim Jones (Nov 06)
- Re: Netscape Web Publisher Mnemonix (Nov 07)
- Re: Netscape Web Publisher nblasgen () NICK REFRACT COM (Nov 07)
- vwxploit.c unix port Sebastian (Nov 08)
- Windows NT Spooler Service. Avri Schneider (Nov 07)
- [w00giving '99 #2] IMAIL POP server Shok (Nov 07)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Blue Boar (Nov 07)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Jefferson Ogata (Nov 08)
- MS Outlook alert : Cuartango Active Setup Elias Levy (Nov 08)
- BigIP - bigconf.cgi holes Guy Cohen (Jun 13)
- Re: MS Outlook alert : Cuartango Active Setup David LeBlanc (Nov 08)
(Thread continues...)