[11539] in bugtraq
Front Page form_results
daemon@ATHENA.MIT.EDU (Pentium Cowboy)
Sat Aug 28 03:34:00 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <19990824031105.64878.qmail@hotmail.com>
Date: Mon, 23 Aug 1999 23:08:21 -0100
Reply-To: Pentium Cowboy <omicrom808@HOTMAIL.COM>
From: Pentium Cowboy <omicrom808@HOTMAIL.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

For pages created with FrontPage, the default location for form results is
in /_private/form_results.txt; the default is also set to no security.
Many pages created out of templates, or by inexperienced users, will leave a
page this way, and the form results can be obtained simply by going to
www.(domain name).com/_private/form_results.txt

A no-brainer, but a security hole nonetheless.
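
Added example, not part of the original post: a Python check a site operator can run over the web server's access log to see whether anything under /_private/ has been served successfully, which is the exposure described above. The Common Log Format layout, the status codes counted as a successful read, and the sample log lines (documentation-range addresses) are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed layout (Common Log Format):
# host ident user [time] "METHOD path PROTO" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Statuses that mean the client received (or already held) the file.
SERVED = {200, 206, 304}

def exposed_private_hits(lines):
    """Return (host, time, path, status) for each served request under /_private/."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip malformed or non-CLF lines
        # Decode %xx escapes and drop the query string so encoded
        # variants of the path are matched as well.
        path = unquote(m["path"]).split("?", 1)[0]
        # Normalise separators and case; Windows-hosted sites ignore case.
        path = re.sub(r"/+", "/", path.replace("\\", "/")).lower()
        status = int(m["status"])
        if path.startswith("/_private/") and status in SERVED:
            hits.append((m["host"], m["time"], path, status))
    return hits

# Constructed sample log lines, not taken from any real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Aug/1999:03:40:12 -0400] "GET /index.htm HTTP/1.0" 200 5120',
    '198.51.100.7 - - [28/Aug/1999:03:41:55 -0400] "GET /_private/form_results.txt HTTP/1.0" 200 18234',
    '198.51.100.7 - - [28/Aug/1999:03:42:03 -0400] "GET /_PRIVATE/form%5Fresults.txt HTTP/1.0" 200 18234',
    '203.0.113.44 - - [28/Aug/1999:03:45:30 -0400] "GET /_private/form_results.txt HTTP/1.0" 401 0',
    '192.0.2.10 - - [28/Aug/1999:03:46:00 -0400] "POST /feedback.htm HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for host, when, path, status in exposed_private_hits(SAMPLE_LOG):
        print(f"{when}  {host}  {status}  {path}")
```

Any hit means the directory is readable without authentication and its contents should be treated as disclosed; a 401 or 403 on the same path, as in the fourth sample line, shows access control is in place.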