From author David A. Utter of WebProNews
http://www.webpronews.com/topnews/topnews/wpn-60-20060721HowGoogleCanFindYourSecretPage.htmlAmazingly enough, some webmasters haven't learned about Google yet, and how easy it is to retrieve pages that have been poorly
protected from being viewed.
When the blogger behind the brand new
EvolvedLight blog wanted to find out more information regarding an
accident at Alton Towers amusement park in Staffordshire,
England, the quest for information led to the park's
media page.
"This site is for Media use only. To gain an access password please call 01538 704015," reads the page. Instead, the blogger turned
to the ubiquitous Google to indulge in a little Google hacking.
In looking at the source code, one section revealed that whatever is entered as a password would trigger a redirect to a page
named {password}.html. The right password would reveal the press page.
So the blogger sent Google a simple search string: *
site:http://press.altontowers.com and guess what was revealed as the third result in the SERPs?
"
Welcome
to the Alton Towers Press Site," said the revealed page, called pressxpsa.html. That means the password would be
pressxpsa.
And indeed it is. To call this a poorly designed page would be an insult to poorly designed pages everywhere.
In the interest of helping out someone in need, here is a Microsoft link on
securing ASP pages for the amusement park's Windows Server
2003
host running IIS 6.
Comments
|
On
8/2/2006
Andy
said:
Yooooooooow, Kelly Clarkson!
|
Leave a Comment