is this an indication of a security hole


BJ Freeman
looking at
https://demo.hotwaxmedia.com/webtools/control/FindGeneric?entityName=Visit&find=true&VIEW_SIZE=50&VIEW_INDEX=0
notice the google bot accessing links.

https://demo.hotwaxmedia.com/ap/control/main?externalLoginKey=EL456103644076
access by
  Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

Re: is this an indication of a security hole

Bilgin Ibryam
I think it is possible because admin username and password are  
provided in demo link. It is a demo hole ;)

Bilgin
On Jan 23, 2009, at 1:26 PM, BJ Freeman wrote:

> looking at
> https://demo.hotwaxmedia.com/webtools/control/FindGeneric?entityName=Visit&find=true&VIEW_SIZE=50&VIEW_INDEX=0
> notice the google bot accessing links.
>
> https://demo.hotwaxmedia.com/ap/control/main?externalLoginKey=EL456103644076
> access by
> Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)


Re: is this an indication of a security hole

BJ Freeman
Probably so :D

Bilgin Ibryam sent the following on 1/24/2009 4:50 AM:

> I think it is possible because admin username and password are provided
> in demo link. It is a demo hole ;)
>
> Bilgin
> On Jan 23, 2009, at 1:26 PM, BJ Freeman wrote:
>
> looking at
> https://demo.hotwaxmedia.com/webtools/control/FindGeneric?entityName=Visit&find=true&VIEW_SIZE=50&VIEW_INDEX=0
>
> notice the google bot accessing links.
>
> https://demo.hotwaxmedia.com/ap/control/main?externalLoginKey=EL456103644076
>
> access by
>     Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
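
Added example, not part of the thread or of the project's code: a log check for the pattern reported above, where a URL carrying `externalLoginKey` is requested by a crawler. It assumes Apache combined log format and that the key in the URL stands in for a login; the sample lines and key values are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not from the demo server).
SAMPLE_LOG = '''\
198.51.100.7 - admin [23/Jan/2009:13:20:01 +0000] "GET /webtools/control/main?externalLoginKey=EL000000000001 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U) Firefox/3.0"
203.0.113.9 - - [23/Jan/2009:13:25:44 +0000] "GET /ap/control/main?externalLoginKey=EL000000000001 HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
203.0.113.9 - - [23/Jan/2009:13:25:50 +0000] "GET /ecommerce/control/main HTTP/1.1" 200 9000 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Heuristic crawler match on the User-Agent string (an assumption; UAs can be spoofed).
CRAWLER_RE = re.compile(r"bot|crawl|spider|slurp", re.IGNORECASE)
TOKEN_PARAM = "externalLoginKey"  # parameter name taken from the URL in the thread


def redact(key):
    """Keep a short prefix so findings can be correlated without re-leaking the key."""
    return key[:4] + "*" * (len(key) - 4)


def find_token_exposure(log_text):
    """Flag login keys requested by crawlers, and keys used from several client IPs."""
    findings = []
    clients_per_key = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        parts = urlsplit(m["target"])
        for key in parse_qs(parts.query).get(TOKEN_PARAM, []):
            clients_per_key[key].add(m["ip"])
            if CRAWLER_RE.search(m["ua"]):
                findings.append({"reason": "crawler", "ip": m["ip"],
                                 "path": parts.path, "key": redact(key)})
    for key, ips in clients_per_key.items():
        if len(ips) > 1:  # same key seen from more than one client
            findings.append({"reason": "shared", "ips": sorted(ips),
                             "key": redact(key)})
    return findings


if __name__ == "__main__":
    for finding in find_token_exposure(SAMPLE_LOG):
        print(finding)
```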