Permabanned
- Joined
- 9 Aug 2008
- Posts
- 35,711
oh dear!
Rage at Autodesk
- Thread starter iviv
- Start date
If you know how your likely to be able to get the whole list of user/passwords judging by the current standard of security in the site.
Time to fire up those VPNs and dozen proxies?
In fact, it's not 'a password', using the same search string I've found loads of passwords. I bet quite a few of these passwords will be the same as their e-mail passwords.
There's information regarding DB structure too... if they allow sql injection its party time on their server.
I'm personally just downloading their site to send to media, don't want an actual part in anything malicious. They should be fined for the breach, not hacked because of it imo.
I'm personally just downloading their site to send to media, don't want an actual part in anything malicious. They should be fined for the breach, not hacked because of it imo.
Last edited:
Haha. http://au.autodesk.com/ama/mailbad.txt
Mailbad
Mailbad
Not unless we did something with it. People do this every day... it's called penetration testing. No harm having a look around, just if you start exploiting the information... or posting it for the world to see and making it worse (lulsec).
Wouldn't be at all surprised to find it breaches the computer misuse act or something, even though the directory is free to access
Don't be silly - it's an open access webserver. It's not like we're "hacking the Gibson". If I posted my address book on some webspace and someone looked at it without asking me would that be in breach of the computer misuse act? No. It would however make me look an idiot.
Anyway I've emailed a link to this thread to The Register.
Anyway I've emailed a link to this thread to The Register.
Last edited:
Actually penetration testing without consent can be illegal, as your using methods to try and bypass security measures.
However in this case they have made the data freely available so there wouldnt be any repurcussions unless you use it maliciously i expect.
This is really bad tbh... plenty of people will naively use the same password for registering on sites etc.. as they do for their personal e-mail accounts... not cool...
Much potential for abuse if the likes of posters on 4chan got hold of this.
Much potential for abuse if the likes of posters on 4chan got hold of this.
Wow.
http://au.autodesk.com/editor/mod.admin/
Is their ENTIRE web server bloody navigateable?
This is really really bad. Found that path from a file within the original source, just navigated to it and it comes up. This trail could well lead to some restricted directories.
http://au.autodesk.com/editor/mod.admin/
Is their ENTIRE web server bloody navigateable?
This is really really bad. Found that path from a file within the original source, just navigated to it and it comes up. This trail could well lead to some restricted directories.
Edit n/m
Last edited:
Certainly does.. you can pretty much edit anything from here.
http://au.autodesk.com/editor/mod.admin/helloworld.htm
'Hello world'; well at least they are greeting us.
'Hello world'; well at least they are greeting us.
Hmm.
http://au.autodesk.com/editor/mod.admin/admin_changepassword.htm
Game over. Please insert more coins and try again.
http://au.autodesk.com/editor/mod.admin/admin_changepassword.htm
Game over. Please insert more coins and try again.
Last edited: