Saturday, April 21, 2012

Error Menace - Follow Up

Remember my last post about information disclosed from error messages?

Not long after I posted that (~1 week),  I was on vacation, and during my traveling I came across two examples of error messages disclosing too much.

Here they are:

#1 - Delta Airlines Touch Screen



I apologize for the blurriness of this photo.  I took this with my cell phone as it was scrolling through the boot up process.  This happened when one of the games I was playing crashed.  I was really surprised to be given this much information about the device.  I could see hardware addresses, running OS and vers, and other information that you can try to view from that picture.  A simple loading screen would've been much better and not disclosed anything.


#2 - Government Website Information Disclosure



I was searching around for things to do in the area and landed upon a Government Website.  Just by clicking on a link, I came across this error.  Some of the information has been redacted, but you still will get a good idea of what's going on.  Some information I found:

  • Hints about the running Operating System (Windows)
  • The type and version of the Web Server (Apache)
  • UNC path that discloses shared directories
  • Several function calls 
  • OS directories
If you find anything I've missed, feel free to comment or contact me, and I'll add it here.

Note: I contacted the Website Admin shortly after arriving home, and received a quick response saying they fixed it.  

No comments:

Post a Comment