OMG - Government site shows its Goss CMS underpants - Config, server info, file structure, code!



  • Looks like the team at this government org like to play with risk.... They failed to point their DNS in the right place and...

    http://nottingham.gov.uk - here it is on pastebin http://pastebin.com/3xmt8hUi


    The worst of it is that the vulnerable CMS (http://gossinteractive.com) is called GOSS Intelligent Content Management! That's a big WTF!

    I sure hope there aren't any clever guys out there looking for exploits as the Goss cms powers police and hundreds of government sites :-0

    Enjoy.
    Behn00d



  • You'd think in this day and age, someone would have checked the non-www variant before now. Of course, even if they knew about it right this minute, it's Sunday, and no-one in government works Sundays, so that means 24hrs or so to guess the default install's admin password 🙂



  • @Behn00d said:

    The worst of it is that the vulnerable CMS is called GOSS Intelligent Content Management! That's a big WTF!

    Why? Does it have a bad reputation?

    ObSidetrack: I've taught CSS and basic HTML to people that are to be assigned the job of hacking maintaining some proprietary content management system for their organisations' [ inter | intra | extra ]net, and I happen across several that already know their stuff - since they use a common CMS like wordpress/drupal/xoops/etc. They often regale with tales of how they could have produced the same solution, more quickly and cheaply - but management preferred to spend loads on a CMS with half the functionality and closed-source support.

    Our organisation, at least, investigated some CMS and settled on Drupal.

