Sensitive / Unauthorized Info Accessible
Posted on 2009-05-05
Sensitive information is available to unauthorized users through one or more of the following:

* Poorly restricted web pages
* Web page source code
* Web pages containing sensitive content
* Accessible/executable files
* Office productivity files available

Files with extensions such as txt, doc, pdf, ppt, xls, csv, rtf, mdb, odc, mde, pub, wri, dif, sxw, sxi, sxc, sdw, sdd and sdc were found on a remote share.

The evidence is:
The following CGI have been discovered :

Syntax : cginame (arguments [default value])

/shockwave/download/download.cgi (P1_Prod_Version [ShockwaveFlash] )

The following email addresses have been gathered :

- 'firstname.lastname@example.org', referenced from :
   /xyz/contact_QP_advisors.html

- 'email@example.com', referenced from :
   /xyz/news.html

- 'firstname.lastname@example.org', referenced from :
   /xyz/contact_QP_advisors.html

- 'email@example.com', referenced from :
   /xyz/contact_plan_sponsors.html

- 'firstname.lastname@example.org', referenced from :