News:

RAID is not a replacement for a backup! Here's why.

Main Menu

Security issue with TS X8.0TL/R5 firmware: Log files are publically accessible

Started by w7mCh4Df, July 29, 2013, 04:24:21 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

w7mCh4Df

July 29, 2013, 04:24:21 AM
I just noticed that all the Terastation log files are publically available to everyone in the network at

http://x.x.x.x/static/log/file.smb
http://x.x.x.x/static/log/linkstation.log
http://x.x.x.x/static/log/xferlog

These files contain user account names, file names, system information and configuration...
Print
Go Up Pages1
User actions
Browser ID: smf (is_webkit)
Templates: 4: index (default), Display (default), GenericControls (default), GenericControls (default).
Sub templates: 6: init, html_above, body_above, main, body_below, html_below.
Language files: 5: index+Modifications.english (default), Post.english (default), Editor.english (default), Drafts.english (default), StopForumSpam.english (default).
Style sheets: 4: index.css, attachments.css, jquery.sceditor.css, responsive.css.
Hooks called: 110 (show)
Files included: 35 - 1354KB. (show)
Memory used: 931KB.
Tokens: post-login.
Queries used: 15.

[Show Queries]