Re: Information disclosure on govmu.org

From: Ish Sookun <ish_at_hacklog.in>
Date: Tue, 14 Apr 2015 07:37:50 +0400

Hello SM,

On Mon, Apr 13, 2015 at 6:07 PM, S Moonesamy <sm+mu_at_elandsys.com> wrote:

>
> There is a possible information disclosure issue affecting govmu.org web
> sites. This may be due to an incorrect configuration of Microsoft
> Sharepoint 2010. The issue is apparent on the National Computer Board web
> site [1] and the web site of the Mauritian National Computer Security
> Incident Response Team ( cert-mu.govmu.org ).
>

​Sharepoint configuration is meticulous. It's a Document Sharing Platform,
a Content Management System, along with having various modules such as
built in WiKi, bulletin board etc.

From your screenshot I am to believe you got "write" access under the
directory you were browsing. Is that right?​ If yes, it's serious. Exposing
a sensitive infrastructure where one could deposit say a "malware" from the
Internet is serious.

​Regards,​

-- 
​Ish Sookun
- Geek by birth, Linux by choice.
- I blog at HACKLOG.in.
https://twitter.com/IshSookun ^^ Do you tweet?
Received on Tue Apr 14 2015 - 03:37:50 PST

This archive was generated by hypermail 2.3.0 : Tue Apr 14 2015 - 03:45:02 PST