I was playing around when I found a small problem with Novell's WebAcces.
With User.lang you can give in you're language as parameter I tried some different stuff there and when I tried "> so that the URL would be hxxp://www.notsohappyserver.com/servlet/webacc?User.Lang="> a Link apeared I clicked it and so I found some unprotected dirs.
The problem is that the file hxxps://www.notsohappyserver/com/novell/webaccess/WebAccessUninstall.ini contains info about the servername context and install paths
It seems that this is working on almost every webacces server.
Kerst actie bij Lycos Mail: 50% korting op Lycos Xtra en Max!
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
