GHDB « Hackers For Charity

GHDB

GHDB

Google Search: intitle:"Login - powered by Easy File Sharing Web

JimmyNeutron rates this entry 6 out of 10.
Submitted: 2004-09-18 09:35:38
Added by: JimmyNeutron
Hits: 2360
Score: 6

Easy File Sharing Web Server is a file sharing software that allows visitors to upload/download files easily through a Web Browser (IE,Netscape,Opera etc.)". More information at: http://www.securityfocus.com/bid/11034/discussion/An attacker can reportedly bypass the authentication by entering the the name of the virtual folder directly.


Comments:

2006-05-16 10:32:57 (corvacho): Google seems to catch this dork: there are many results with same title if you look for inurl:vhosts intitle:virtual.

There are many versions of this software; some of there are vulnerable when foldername is known, some other only when filename is known; there are many servers out there that even provide guest login. There is no apparent way to know the version installed in the host (all of them report "(c) 2004").

Remotely Anywhere is a PC Anywhere clone that seems to use this Easy File Share engine, with much better security, and a different login page (so jimmyneutron's googledork will always end on a vulnerable server instead of a RA one)