Monday, July 11, 2011

AXN India - Exposed to the Internet

A simple Google query did the trick... :D

This is not a great flaw by itself... but the site's administration should not be enabled for all internet users (to play with and break the authentication)... We did not poke at the authentication scheme, hehe ;)

Update: We also found cron.php, install.php, xmlrpc.php, half a dozen email addresses, directory traversal (scripts, modules, profiles, themes, sites) and lots more...

Stopped playing for we didn't want to end up accidentally hacking the website :))

Bottom line: Functionally sound, security wise - bad idea?
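A defender-side check for the exposure described above, as an added example that is not part of the original post: it scans web server access logs for requests to the scripts named in the update that came from outside a management network and were not refused. The `/admin` prefix, the trusted networks and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Scripts named in the post, plus an admin path prefix (the prefix is an assumption).
SENSITIVE = ("/cron.php", "/install.php", "/xmlrpc.php", "/admin")
# Hypothetical management networks allowed to reach those paths.
TRUSTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Common/combined log format: client, timestamp, request line, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def is_sensitive(path):
    # Ignore the query string and match the exact script or anything under the prefix.
    path = path.split("?", 1)[0].lower()
    return any(path == s or path.startswith(s + "/") for s in SENSITIVE)

def is_trusted(client):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # hostname or garbage in the client field: treat as untrusted
    return any(addr in net for net in TRUSTED)

def exposed_hits(lines):
    """Return (client, path, status) for untrusted requests the server did not refuse."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, _method, path, status = m.groups()
        # 401/403/404 mean the server refused or hid the resource.
        if is_sensitive(path) and not is_trusted(client) and status not in ("401", "403", "404"):
            hits.append((client, path, int(status)))
    return hits

# Constructed sample log lines (documentation address ranges), not from the site.
SAMPLE = [
    '203.0.113.7 - - [11/Jul/2011:10:00:01 +0530] "GET /install.php HTTP/1.1" 200 3120',
    '203.0.113.7 - - [11/Jul/2011:10:00:05 +0530] "POST /xmlrpc.php HTTP/1.1" 200 370',
    '10.1.2.3 - - [11/Jul/2011:10:01:00 +0530] "GET /cron.php HTTP/1.1" 200 0',
    '198.51.100.9 - - [11/Jul/2011:10:02:00 +0530] "GET /admin/settings HTTP/1.1" 403 199',
    '198.51.100.9 - - [11/Jul/2011:10:03:00 +0530] "GET /index.php?q=node/1 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for hit in exposed_hits(SAMPLE):
        print(hit)
```

Any hit it reports means one of those scripts answered a client outside the trusted ranges, which is the condition the post describes.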

Shouts to Jaymee Ong... (marry me please !) and the eBuzz Team whose programme was being featured on AXN before I found the goodies :D
