Vulnerability Development mailing list archives
Re: Idiocy "exploit"
From: jen () ETTNET SE (Joel Eriksson)
Date: Fri, 3 Dec 1999 18:27:53 +0100
On Wed, Dec 01, 1999 at 09:37:44PM -0800, Blue Boar wrote:
> Roy Wilson wrote:
> > I was cruising a .GOV site the other day with GetRight in Browse mode (an enhanced FTP client, it appears), while walking a client through the directories he needed to traverse to find the file he wanted (a database). We were getting different file counts - his Netscape would show 7 files, GR on my end would show 28.
> >
> > After about two hours of messing around trying to find out what was going on, we finally found it. He had Netscape set to the default "Mozilla@" for anon login password. If I set GR to any email address other than the one I was using the first time around, I only saw the seven files as well. The other 21 files were the raw data the cgi script used to build sorted db's for HTML display.
> >
> > The email address that showed all data? fraud () irs gov
> >
> > Being the curious person that I am, I started hitting state level sites as well as federal. About a third of them showed more files with the fraud@ than with mozilla@.
>
> Any idea which FTP server package this is, or what options cause this behavior? Care to share the name of one of the sites?
Some FTP-servers can be configured to let anonymous FTP-users that supply a non-RFC822 compliant e-mail address as their password access a restricted FTP-area. Roy: Try whatever@ and Mozilla@whatever and see what happens.
> BB
-- Best regards, Joel Eriksson