From Security Weekly Wiki
1,461 bytes added, 19:06, 26 May 2006
== ITT Fart - TMUP PDC Promo - Listener Feedback ==
Bob writes in: (HOLY SHIT - It's Bob!)
I am a big fan of your show and have been listening for a while. I am a junior at a high school in CA. A while back I found a vulnerability in one of our school's servers. I alerted the proper people and they said they would fix the issue, which is the configuration of PHP on the server. They disabled PHP for a while, promising to fix the problem, and have recently put that back online without the problem being fixed. A friend and I were messing around with it today and it has become apparent that I only skimmed the surface of what was vulnerable; in short, we now essentially "own" the server. Though I know that I should probably tell them that the vulnerability still exists and what it is possible to do with it. This means I would have to tell them that my friend and I were able to potentially access student grades along with many other things that they wouldn't want a student to have access to. Since we didn't have permission, I don't think that they (the school technology dept.) or the administration would be very happy with us, and they have pressed charges against students for "hacking" their school-issued laptops with the admin password taped on the bottom. It seems that letting someone know about a vulnerability is just as bad as exploiting it now. I, on the other hand, want to let the school know how bad the security protecting grades, user and teacher files is... if you know what I mean ; )
Jim writes in:

