[TriLUG] Security holes. Revealed by searching yahoo and google

paul ppeeler at gmail.com
Thu Jan 13 18:16:07 EST 2005


On Thu, 13 Jan 2005 23:05:11 +0000, erik at underhanded.org
<erik at underhanded.org> wrote:
> On Thu, Jan 13, 2005 at 03:31:50PM -0500, Mike Fieschko wrote:
> > Misconfigured MySQL servers accessible though phpmyadmin:
> >
> > http://www.threadwatch.org/node/1082
> >
> > [begin quoting]
> >
> > Hot on the heals of the recent Google unsecured Webcams search news
> > comes in via rumours at threadwatch.org of an even more serious security
> > breach made available by search engine queries.
> 
> Yeah, there's quite a few more interesting searches here:
> http://johnny.ihackstuff.com/index.php?module=prodreviews
> 
> And the whole webcam thing started with a thread on somethingawful.com
> when people looked at the above site, and quickly started finding as
> many webcams as possible.  (which was then subsequently leaked to
> boingboing and then to slashdot)  Fun fun!


I can't remember the first time that I played with finding those
cameras, it must have been more than a year ago or more now. I will
check to make sure that I am correct, but on most of them there was a
vulnerability that would allow you to double-slash the //admin in the
url and have access to administer the camera.

confirmed:
http://www1.corest.com/common/showdoc.php?idx=329&idxseccion=10



More information about the TriLUG mailing list