-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
paul wrote:
| On Thu, 13 Jan 2005 23:05:11 +0000, [EMAIL PROTECTED] | <[EMAIL PROTECTED]> wrote: | |> On Thu, Jan 13, 2005 at 03:31:50PM -0500, Mike Fieschko wrote: |> |>> Misconfigured MySQL servers accessible though phpmyadmin: |>> |>> http://www.threadwatch.org/node/1082 |>> |>> [begin quoting] |>> |>> Hot on the heals of the recent Google unsecured Webcams search |>> news comes in via [EMAIL PROTECTED] of an even more |>> serious security breach made available by search engine |>> queries. |> |> Yeah, there's quite a few more interesting searches here: |> http://johnny.ihackstuff.com/index.php?module=prodreviews |> |> And the whole webcam thing started with a thread on |> somethingawful.com when people looked at the above site, and |> quickly started finding as many webcams as possible. (which was |> then subsequently leaked to boingboing and then to slashdot) Fun |> fun! | | | | I can't remember the first time that I played with finding those | cameras, it must have been more than a year ago or more now. I will | check to make sure that I am correct, but on most of them there | was a vulnerability that would allow you to double-slash the | //admin in the url and have access to administer the camera. | | confirmed: | http://www1.corest.com/common/showdoc.php?idx=329&idxseccion=10
yup, on some firmware versions. on axis cams. its a bit limited though. another (older) one lets you access cgi-bin/paramtool without auth, which gives all kinds of fun stuff, like the root password hash... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFB6AMMwsRpgTiXSOERAsu8AKCZnUa75lviDbRVY/rUrj6DBKPr+gCgtPoE s8AynoG4ExUL9IKvXcI274k= =rrws -----END PGP SIGNATURE-----
-- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
