
Security hole at Sharelook.de

Referrer taking you directly into listing admin!

         

Rumbas

12:18 pm on Dec 7, 2001 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



After going through the usual scanning of logfiles for a domain I manage, I stumbled across [url=www.sharelook.de/cgi-bin/adm/SDB_entrytbd.cgi?MD5=6e7497c2b05a7d0aab421bfc531f7524]this URL[/url]. Clicking it takes you directly into the Sharelook.de listing administration interface. You can unblock and even delete sites!

Whew, happily I found it before my competitor.

Sharelook.de has been alerted.
Now we'll see if they will come here and explain..

heini

2:01 pm on Dec 7, 2001 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Whew - that was an interesting peep. If anyone ever doubted search engines' and directories' complaints about the load of spam in submissions - you should have seen this.
Anyhow, the carelessness Sharelook.de has shown, by leaving such a link in the logfiles of visited sites and not protecting that entrance, is astounding.
Sharelook is not just another mediocre catalogue. It is one of the main directories - taking a hefty fee for submissions.
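
The leak described in the posts above (an admin URL that carries its access token in the query string shows up as the referrer in the logs of sites visited from that page), as an added example that is not part of the original thread. It models a subset of the later browser Referrer-Policy mechanism, which the thread does not mention, and checks what a followed link would expose; the URLs, the token and the 32-hex-character heuristic are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl

# Assumption: a query value of 32+ hex characters (MD5-sized) is a secret.
TOKEN = re.compile(r"^[0-9a-fA-F]{32,}$")

def referer_sent(page_url, target_url, policy):
    """Referer a browser sends when a link on page_url is followed to
    target_url under the given Referrer-Policy; None means no header."""
    page, target = urlsplit(page_url), urlsplit(target_url)
    # The referrer never carries userinfo or a fragment.
    netloc = page.hostname + (f":{page.port}" if page.port else "")
    full = urlunsplit((page.scheme, netloc, page.path or "/", page.query, ""))
    origin_only = f"{page.scheme}://{netloc}/"
    same = (page.scheme, page.hostname, page.port) == (
        target.scheme, target.hostname, target.port)
    downgrade = page.scheme == "https" and target.scheme != "https"
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full
    if policy == "origin":
        return origin_only
    if policy == "same-origin":
        return full if same else None
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "strict-origin-when-cross-origin":
        if same:
            return full
        return None if downgrade else origin_only
    raise ValueError(f"policy not modelled here: {policy}")

def leaked_params(referer):
    """Names of query parameters in a Referer value that look like secrets."""
    if not referer:
        return []
    return [k for k, v in parse_qsl(urlsplit(referer).query) if TOKEN.match(v)]

# Constructed sample URLs (not taken from the thread).
ADMIN_PAGE = ("https://directory.example/cgi-bin/adm/entry.cgi"
              "?MD5=0123456789abcdef0123456789abcdef")
SUBMITTED_SITE = "https://submitted-site.example/"

if __name__ == "__main__":
    for p in ("unsafe-url", "no-referrer-when-downgrade",
              "strict-origin-when-cross-origin", "no-referrer"):
        sent = referer_sent(ADMIN_PAGE, SUBMITTED_SITE, p)
        print(f"{p:32} -> {sent}  leaked={leaked_params(sent)}")
```

A restrictive policy only keeps the token out of other sites' logs; the admin page itself still needs authentication that does not depend on knowing the URL.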

heini

4:32 pm on Dec 7, 2001 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



For those members reading German:
@-web.de [at-web.de], a leading German SE information site, has picked up the story.
Best thing is: Though we notified staff hours ago, Sharelook still does not care to close this gaping hole!

Hello Sharelook staff: anybody home?

<added>Just talked to Sharelook's CEO - he was surprised access was still possible, said his technicians were working on it. Seems to be difficult...</added>

Rumbas

11:51 pm on Dec 7, 2001 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



>technicians were working on it

They seem to have fixed it. It's now a 404.