Amazingly enough, some webmasters haven’t learned about Google yet, and how easy it is to retrieve pages that have been poorly protected from being viewed.
When the blogger behind the brand new EvolvedLight blog wanted to find out more information regarding an accident at Alton Towers amusement park in Staffordshire, England, the quest for information led to the park’s media page.
“This site is for Media use only. To gain an access password please call 01538 704015,” reads the page. Instead, the blogger turned to the ubiquitous Google to indulge in a little Google hacking.
In looking at the source code, one section revealed that whatever is entered as a password would trigger a redirect to a page named {password}.html. The right password would reveal the press page.
So the blogger sent Google a simple search string: * site:http://press.altontowers.com and guess what was revealed as the third result in the SERPs?
“Welcome to the Alton Towers Press Site,” said the revealed page, called pressxpsa.html. That means the password would be pressxpsa.
And indeed it is. To call this a poorly designed page would be an insult to poorly designed pages everywhere. In the interest of helping out someone in need, here is a Microsoft link on securing ASP pages for the amusement park’s Windows Server 2003 host running IIS 6.
—
Tag:
Add to 
Bookmark Murdok: 
David Utter is a staff writer for Murdok covering technology and business.
