OMG - Government site shows its Goss CMS underpants - Config, server info, file structure, code!
-
Looks like the team at this government org like to play with risk.... They failed to point their DNS in the right place and...
http://nottingham.gov.uk - here it is on pastebin http://pastebin.com/3xmt8hUi
The worst of it is that the vulnerable CMS (http://gossinteractive.com) is called GOSS Intelligent Content Management! That's a big WTF!
I sure hope there aren't any clever guys out there looking for exploits as the Goss cms powers police and hundreds of government sites :-0
Enjoy.
Behn00d
-
You'd think in this day and age, someone would have checked the non-www variant before now. Of course, even if they knew about it right this minute, it's Sunday, and no-one in government works Sundays, so that means 24hrs or so to guess the default install's admin password :-)
-
@Behn00d said:
The worst of it is that the vulnerable CMS is called GOSS Intelligent Content Management! That's a big WTF!
Why? Does it have a bad reputation?
ObSidetrack: I've taught CSS and basic HTML to people that are to be assigned the job of <s>hacking</s>maintaining some proprietary content management system for their organisations' [ inter | intra | extra ]net, and I happen across several that already know their stuff - since they use a common CMS like wordpress/drupal/xoop/etc. They often regale with tales of how they could have produced the same solution, more quickly and cheaply - but management preferred to spend loads on a CMS with half the functionality and closed-source support.
Our organisation, at least, investigated some CMS and settled on Drupal.