On Thu, 13 Jan 2005 23:05:11 +0000, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > On Thu, Jan 13, 2005 at 03:31:50PM -0500, Mike Fieschko wrote: > > Misconfigured MySQL servers accessible though phpmyadmin: > > > > http://www.threadwatch.org/node/1082 > > > > [begin quoting] > > > > Hot on the heals of the recent Google unsecured Webcams search news > > comes in via [EMAIL PROTECTED] of an even more serious security > > breach made available by search engine queries. > > Yeah, there's quite a few more interesting searches here: > http://johnny.ihackstuff.com/index.php?module=prodreviews > > And the whole webcam thing started with a thread on somethingawful.com > when people looked at the above site, and quickly started finding as > many webcams as possible. (which was then subsequently leaked to > boingboing and then to slashdot) Fun fun!
I can't remember the first time that I played with finding those cameras, it must have been more than a year ago or more now. I will check to make sure that I am correct, but on most of them there was a vulnerability that would allow you to double-slash the //admin in the url and have access to administer the camera. confirmed: http://www1.corest.com/common/showdoc.php?idx=329&idxseccion=10 -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
