Security fail

I came across an interesting bug the other day as I was trying to think of a good example of URL hacking. I entered the URL of our company’s online time sheet (OTS), http://192.168.4.135:8080/ots/Index.jsp, into my favorite browser and then backspaced a bit. I hit enter when the browser was pointed at http://192.168.4.135:8080/ots/ and ta-dah… a directory listing.


Most interesting was that upon checking the contents of the folders, I came across a file with a .conf extension. That made me do a double-take. True enough, when I opened the file, it contained the DB server, username and password for our OTS. There was also a very helpful readme.txt file which cited the .conf file and the supposedly confidential information. This has been fixed, though; that is, at least access to the .conf and readme files has. The directory listing can still be viewed. 😛