Hacker News new | ask | show | jobs
by gargravarr 3250 days ago
One of the more amusing patterns I spotted in the URLs is where an alarming amount of the filesystem appears to be exposed, e.g.:

www.dulceswilly.com/mysql/BHP_sym/root/usr/local/etc/apache22/server.key

If I was on a non-company IP, I'd be tempted to poke around and see what else is visible...
2 comments
ryanlol 3249 days ago
These are already hacked systems where someone has been trying to perform a "symlink attack" to access other users files with the httpds permissions.
link
edward 3250 days ago
mysql root password: http://www.dulceswilly.com/mysql/BHP_sym/root/root/.my.cnf
link
ndury 3249 days ago
Too late, "professional" hackers from indonesia already done the job.

Front page reads:

PELITABANGSA .CA [ INDONESIA CYBER ATTACK AND MALWARE ANALYST ]

link