[12497] in bugtraq
Re: Netscape Web Publisher
daemon@ATHENA.MIT.EDU (nblasgen@NICK.REFRACT.COM)
Tue Nov 9 13:52:00 1999
Mime-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="-658486390-1670737139-942045474=:9954"
Message-Id: <Pine.LNX.4.10.9911072313560.9954-101000@nick.refract.com>
Date: Sun, 7 Nov 1999 23:17:54 -0800
Reply-To: nblasgen@NICK.REFRACT.COM
From: nblasgen@NICK.REFRACT.COM
X-To: BUGTRAQ@SECURITYFOCUS.COM, Tim Jones <cybersysop813@HOTMAIL.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19991107030128.8937.qmail@securityfocus.com>
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to mime@docserver.cac.washington.edu for more info.
---658486390-1670737139-942045474=:9954
Content-Type: TEXT/PLAIN; charset=US-ASCII
Content-Transfer-Encoding: QUOTED-PRINTABLE
Well, my version in C did not work out well, so here is the TCL version.
Usage:
./netscape-test.tcl -i <host>
or edit the file "check_hosts" add your own hosts to check in a list
then..
./netscape-test.tcl
and it will check the entire list. Output is to STDIN...
/Nicholas W. Blasgen
Refract, LLC
Attached is netscape-test.tar.gz
On Sun, 7 Nov 1999, Tim Jones wrote:
> This is not a HOLE. By default(I think)netscape -Enterprise/3.5.1I ins=
talls ALOT of shit that you will never need or use. But like most things pe=
ople dont use people dont remove them. A major thing that netscape installs=
is Netscape Web Publisher. Which you can access VIA http. By default its /=
publisher/. Like on www.fbi.gov/publisher/ click on Start Web Publisher. Th=
en after the java app load it will ask you for a Username and Password. Wel=
l just leave them blank and hit ENTER.. Now this is a bad idea because anyo=
ne could just brute force the User Name and password. Then after you do or =
dont enter a user name a password it will show you ALL files in the web dir=
=2E Now this is also a bad idea because some people leave like oh password =
lists,user names, cc info in the web dir. All of which you could access fro=
m the web if you had the info on were it was. So in short its a BAD idea to=
leave /publisher/ on netscape on. You should remove /publisher/. Most peop=
le dont give a shit like www.fbi.gov/publisher/ that you can look at all th=
ere files but there stupid so whatever..=20
>=20
> I emailed netscape,fbi.gov about 2 weeks ago about this and I have got no=
reply.. So maybe they might fix it now.
>=20
> --flipz
>=20
---658486390-1670737139-942045474=:9954
Content-Type: APPLICATION/octet-stream; name="netscape-test.tar.gz"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.10.9911072317540.9954@nick.refract.com>
Content-Description:
Content-Disposition: attachment; filename="netscape-test.tar.gz"
H4sICNV4JjgAA25ldHNjYXBlLXRlc3QudGFyAO1WWW8bNxDWq/ZXTNZ6jPbQ
aW9tt3ESOGnlA6jQPLhCsVqNtKxX5JakZAuG/nuHq9uR7YcYTYvygwDxmCG/
ObkctUriHKv5pJ8xlaKsalTaL70ioBG0m00ogUHw6H85gXYQho12vd2icVhv
he0SNF+TxFOYKB1LgJIUQj8n99L+fxT8ifgnKSa3f6RCafXNd4RB0Go0nol/
ax3/Rj2sUfxbQatWguAV7HsR//P4393deXgfj/MMvUSMne055cbOXMiR8735
Wrwunqr/9bqZeTrJvuEOqv/n+n+t1W6s+3+r1aL6b9dqga3/fwIHb/yJkn6f
cZ+CrFLnwDmAsxlcsiQVWazgiwdn9D9C/hbCo6OjQqCbxvxWgRbQZWP4WXBU
cJzM+ijVTIn8MKz/9Omqe/Huc8d7f3VxCkMhQacIZ5NRV8Z/QU7vSnHQB6a0
ZP2JxgFM+AAlnF93IGMJ8gRJwsmlSGAg3gvOMdHwAOZJgjk8OGWFGhTcKJHc
0qhSbBwGPaecT7SCigL3/GMX/HVi+/Cp2732Qy9wt2RoPMwmKqUJjYTEOEmh
T8fmGdNwQ/MBbfXA/Z27PXNtmQ2JRqUPJyekbagkgmvGJzinTUNK9P80XG8y
RhbdG1HDqtCrLPeM7q8opygjd2HNQpUWFBN8ff3miJAo+L5rDlowWO+tdIIe
vKFjL1eV+5FrlLlkCosroDDZrTwYR80juBQa9sn+AHhPV89forRaN8S8Ba9t
cXcPP2+Psrs2aL14CnWvuZcy3sFvCyHP84ipRD2RvOA6d/a4uBMrXR2LARsy
HOx6eoZU9lv+bWw8Wyn2jk26H+6j0RGCkj9jt0hJzRSM2SjVkMZThBgoYfsZ
jh+TM7+vArAWdsoLYYescAw7Lop0DhxnN9axHE1NoI1xVeZuCmGpEC5mxXhX
KST7NnVUVItTNpF25oCZwtVBwwHciBwpgFufgC7I3qY64kfVMRx8XR7xpjxg
VR+FK7Y4xMYrxuKiFSyLM4RaEMDVL7SyLJB9WepThnjhZ9NBYo0RXAhqT8Eh
+XRadCkIalGzGTXbcH7RJSm6UyPXVT3LSVrjvfZTPc5op8P4bQTHqdZ55Pvm
c2fYZ95ITLcax4/X8QgNG+pL6tRENjtxt9dcc9BOrsEXHLyFeggfMDGM2oZR
oxEF9UeMMuQjnUZAr18tpPV3SYK5rsqYj1BF0J/RA7wQN06jzI8gyYQyzfF7
vx0WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYW/z78DcUTFxQAKAAA
---658486390-1670737139-942045474=:9954--
