
Security hole at Sharelook.de

Referrer taking you directly into listing admin!

     
12:18 pm on Dec 7, 2001 (gmt 0)

Moderator from DK 

WebmasterWorld Administrator 10+ Year Member



After going through the usual scanning of logfiles for a domain I manage, I stumbled across [url=www.sharelook.de/cgi-bin/adm/SDB_entrytbd.cgi?MD5=6e7497c2b05a7d0aab421bfc531f7524]this URL[/url]. Clicking it takes you directly into the Sharelook.de listing administration interface. You can unblock and even delete sites!

Whew, happily I found it before my competitor.

Sharelook.de has been alerted.
Now we'll see if they will come here and explain..

2:01 pm on Dec 7, 2001 (gmt 0)

Senior Member

WebmasterWorld Senior Member heini is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Whew - that was an interesting peep. If anyone ever doubted search engines' and directories' complaints about the load of spam in submissions - you should have seen this.
The carelessness anyhow Sharelook.de has shown, by leaving such a link in the logfiles of visited sites and not protecting that entrance, is astounding.
Sharelook is not just another mediocre catalogue. It is one of the main directories - taking a hefty fee for submissions.

4:32 pm on Dec 7, 2001 (gmt 0)

Senior Member

WebmasterWorld Senior Member heini is a WebmasterWorld Top Contributor of All Time 10+ Year Member



For those members reading German:
@-web.de [at-web.de], leading German SE information site, has picked up the story.
Best thing is: Though we notified staff hours ago, Sharelook still does not care to close this gaping hole!

Hello Sharelook staff: anybody home?

<added>just talked to Sharelook's CEO - he was surprised access was still possible, said his technicians were working on it. Seems to be difficult...</added>

11:51 pm on Dec 7, 2001 (gmt 0)

Moderator from DK 

WebmasterWorld Administrator 10+ Year Member



>technicians were working on it

They seem to have fixed it. It's now a 404.
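
The leak discussed in this thread (an admin URL with its token in the query string turning up as a referrer in other sites' logfiles) can be caught on the receiving side. The sketch below is an added example, not part of any post here: it flags and redacts credential-like Referer parameters in Combined Log Format lines, and the parameter-name list, the hex-length heuristic and the sample hosts and paths are all assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Referer field of a Combined Log Format line (second-to-last quoted field).
LOG_RE = re.compile(r'"[^"]*" \d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"\s*$')
# Heuristics (assumptions): suggestive parameter names, or 32-64 hex digit values.
SECRET_NAMES = {"md5", "token", "sid", "session", "key", "auth", "password"}
HEX_VALUE = re.compile(r"^[0-9a-fA-F]{32,64}$")

def secret_params(referer):
    """Names of query parameters in a Referer that look like credentials."""
    pairs = parse_qsl(urlsplit(referer).query, keep_blank_values=True)
    return [n for n, v in pairs if n.lower() in SECRET_NAMES or HEX_VALUE.match(v)]

def redact(referer):
    """Blank out credential-like values so the log stops storing them."""
    hits = set(secret_params(referer))
    parts = urlsplit(referer)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    query = urlencode([(n, "REDACTED" if n in hits else v) for n, v in pairs])
    return urlunsplit(parts._replace(query=query)) if hits else referer

def scan(lines):
    """Return (line number, flagged parameter names, redacted Referer) tuples."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LOG_RE.search(line)
        if not match or match["referer"] in ("", "-"):
            continue
        names = secret_params(match["referer"])
        if names:
            findings.append((number, names, redact(match["referer"])))
    return findings

# Constructed sample lines: hosts, paths and the hex value are made up.
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Dec/2001:12:01:44 +0000] "GET / HTTP/1.0" 200 5120 '
    '"http://directory.example/cgi-bin/adm/review.cgi?MD5=0123456789abcdef0123456789abcdef" "Mozilla/4.0"',
    '203.0.113.9 - - [07/Dec/2001:12:03:10 +0000] "GET /about.html HTTP/1.0" 200 2048 '
    '"http://search.example/results?q=widgets" "Mozilla/4.0"',
    '203.0.113.9 - - [07/Dec/2001:12:03:12 +0000] "GET /logo.gif HTTP/1.0" 200 900 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for number, names, cleaned in scan(SAMPLE_LOG):
        print(f"line {number}: Referer carries {names}; store as {cleaned}")
```

A hit means the referring site is authenticating by URL alone, so the useful follow-up is to notify its operator and keep only the redacted form in your own logs.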