Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Specific Sites :: ges.htm

Go Express Search runs http server at port 1234 with no authentication



Vulnerability

    Go Express Search

Affected

    Go Express Search

Description

    Disney's Go Express  Search operates an  http server at  port 1234
    without authentication.  Remote  users can submit search  queries,
    and view  queries and  personal links  left by  other users.  It's
    possible to access the  configuration interface, which can  reveal
    the e-mail address of the  user who registered it.   Configuration
    settings can be changed remotely to, for instance, add, remove  or
    alter personal links.

Solution

    Nothing yet.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH