Posted to user@ofbiz.apache.org by BJ Freeman <bj...@free-man.net> on 2009/01/23 12:26:06 UTC

is this an indication of a security hole

looking at
https://demo.hotwaxmedia.com/webtools/control/FindGeneric?entityName=Visit&find=true&VIEW_SIZE=50&VIEW_INDEX=0
notice the google bot accessing links.

https://demo.hotwaxmedia.com/ap/control/main?externalLoginKey=EL456103644076
access by
 	Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

Re: is this an indication of a security hole

Posted by BJ Freeman <bj...@free-man.net>.
Probably so :D

Bilgin Ibryam sent the following on 1/24/2009 4:50 AM:
> I think it is possible because admin username and password are provided
> in demo link. It is a demo hole ;)
> 
> Bilgin
> On Jan 23, 2009, at 1:26 PM, BJ Freeman wrote:
> 
> looking at
> https://demo.hotwaxmedia.com/webtools/control/FindGeneric?entityName=Visit&find=true&VIEW_SIZE=50&VIEW_INDEX=0
> 
> notice the google bot accessing links.
> 
> https://demo.hotwaxmedia.com/ap/control/main?externalLoginKey=EL456103644076
> 
> access by
>     Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

Re: is this an indication of a security hole

Posted by Bilgin Ibryam <bi...@iguanait.com>.
I think it is possible because admin username and password are  
provided in demo link. It is a demo hole ;)

Bilgin
On Jan 23, 2009, at 1:26 PM, BJ Freeman wrote:

> looking at
> https://demo.hotwaxmedia.com/webtools/control/FindGeneric?entityName=Visit&find=true&VIEW_SIZE=50&VIEW_INDEX=0
> notice the google bot accessing links.
>
> https://demo.hotwaxmedia.com/ap/control/main?externalLoginKey=EL456103644076
> access by
> 	Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)