Possible Security Breach at Melbourne IT

Possible Security Breach at Melbourne IT

From: Ginger Fish <ginger-fish§scifi-art.com>
Date: Fri, 1 Mar 2002 13:18:30 +1100
Dear All,

yesterday i wanted to register a few domain names, so i went to the channel
partner thingy at MIT, but their server was acting kinda funny, and enabled
me to download the whole php pages with source code included.
Here's a sample of what i got :

<?
   // This page can't use ignoresession
   file://$ignoresession = 1;
   include("definitions.php");

   // Meta Keywords
   $metakeywords = array("domain", "name", "domain name", "domain name
registration", "australia", "com.au", "australian domain names", "au",
"registry", "registrar", "ml.com", "multi-lingual.com", "com", "org", "net",
"multilingual", "chinese", "internet address", "internet name", "web
address", "internet names world wide", "global domain names", "whois",
"ICANN", "tld", "gtld", "cctld");
   $metadescription = "Internet Names WorldWide provides global domain name
registration services. The official administrator of com.au domains, ICANN
accredited Registrar for com, net, org and multi-lingual.com domains. Easy,
fast and secure domain names.";

   $pageheading = "Please Login";

   if ($argv[0] == "failed")
   {
     $intromessage = "<B CLASS='red'>Invalid username / password</B>";
   }
   elseif ($argv[0] == "unavailable")
   {
     $intromessage = "<B CLASS='red'>Your login cannot be
completed</B><BR>\n"
                    ."We are currently experiencing technical
problems.<BR>\n"
                    ."Please retry this request shortly.<BR>\n";
   }


Of course, such an opportunity for malevolent people would give them access
to info that is supposed to be confidential ( you know, access to main db
and stuff like that ).
In hope that that sort of technical glitch does not happen everyday.


Ginger
tH3 3l33t g3N3r4T!oN
Received on Fri Oct 03 2003 - 00:00:00 UTC

This archive was generated by hypermail 2.3.0 : Sat Sep 09 2017 - 22:00:05 UTC