[12954] in bugtraq
Privacy hole in Go Express Search
daemon@ATHENA.MIT.EDU (Alfred Huger)
Tue Dec 14 11:57:47 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSO.4.10.9912131451280.26938-100000@www.securityfocus.com>
Date: Mon, 13 Dec 1999 14:51:54 -0800
Reply-To: Alfred Huger <ah@SECURITYFOCUS.COM>
From: Alfred Huger <ah@SECURITYFOCUS.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
---------- Forwarded message ----------
Date: 13 Dec 1999 03:23:39 -0000
From: roxen@securityfocus.com
To: suggestions@securityfocus.com
Subject: Link Suggestion
Link Name: Privacy hole in Go Express Search
Link URL: http://www.mobileunit.org/advisories/001/
Description:
Disney's Go Express Search operates an http server at port 1234 without authentication. Remote users can submit search
queries, and view queries and personal links left by other users. It's possible to access the configuration interface, which can
reveal the e-mail address of the user who registered it. Configuration settings can be changed remotely to, for instance, add,
remove or alter personal links.
