Geertwilders – Today’s News
Nasty Man
Not a nice guy.
(Even so I’ve still notified the Site Admin in question)
Background story.
He’s a right-wing Dutch MP who has made a very one sided mockumentary about Muslims and how he thinks that the Qur’an only preaches death and killing. I’m not religious at all, however I do know that virtually any person can take the text from any religious doctrine and use that text to prove any point they may wish to make.
He was invited to the UK by some other right-wing MPs (UKIP Party) and he was thankfully turned down by our government on the grounds that they deemed him to a person who spreads race hate.
This lead to a welcome debate of the validity of freedom of speech.
Site = http://www.geertwilders.nl
Defect Found = Open Log and Stats File
Time Taken to find from arriving at homepage = about 32 minutes.
This was a hard one due to his site using off the shelf secure software (Mambo I think) and also using Google for all searching which meant I knew XSS was a no go from the start. I then looked for subdomains and although I found many all were 401′s. I tried a few other things and then just when I thought that this site would beat me I gave a quick check of common directories and came up with “TMP” I then looked for common file names and came up with “log.txt” and hence the site error.
Remember that the reason for the “Today’s News” section is to attempt to prove that virtually all sites out there have some error in them of some kind that affects either the websites security, usability or maybe a business logic flaw.
some people may think that this is low hanging fruit type stuff and they may be correct, however as these sites in question will be all over the TV today and front page on tomorrows papers they are easy targets for potential hackers and Seo BalackHats alike.