Fierce Finds MySpace Administration Console
I can’t say this really surprises me too much given my own results of other high profile domains, but x90 (NOP) was able to locate MySpace’s administration console. That just sounds like a bad idea - leaving the gateway to your administration publicly facing. He was able to get it to error out which provided some interesting results as well.
Fierce is a good first-pass reconnaissance tool, and as you can tell it shows you things that aren’t obvious at first blush when you aren’t sure what is hosted at the domain. In just a few minutes of testing you can uncover huge swaths of vulnerable targets to exploit. This is no exception. It’s neat seeing people try it out and see what it can find for you. Let me know if anyone else finds interesting results or case studies. In the meantime, I hope MySpace knows enough to take this server off-line until they can harden it or at minimum move it to a less obvious place.



January 16th, 2007 at 11:09 am
[…] Original post by RSnake for Myspace News Fierce Finds MySpace Administration Console […]
January 16th, 2007 at 5:07 pm
They don’t even have HTTPS (SSL) access for this login. If there are any network admins at myspace with a packet sniffer now is your chance.
Makes one wonder. If you use MySpace don’t use the same password you use elsewhere.
January 16th, 2007 at 6:05 pm
Hahah… the only way this isn’t terrible security is if it’s a honeypot. But alas, I highly highly doubt it is.
January 16th, 2007 at 9:03 pm
[…] From: http://ha.ckers.org/ […]
January 17th, 2007 at 12:07 pm
http://216.178.32.132/index.cfm?action=login
Thanks google