Netzeitung.de is a web-only German newspaper. Additionally they syndicate their content to radio and TV stations (Klassikradio, Sat.1, N24). Though Netzeitung.de's value is in its content, access to their content management system (CMS) seems to be wide open for everyone… …
Update: Netzeitung.de has responded quickly and disabled the "test" account.
Today I read a blog post by Maastrix where he posted the URL for a document preview in Netzeitung's CMS.
At the parent directory http://db1.netzeitung.de/pls/idesk, you are greeted with a "Login" link. Enter the right user / password combination (the first obvious one I tested worked) – voilà, you are in.
What can you do in the CMS?
You can see which articles are currently being edited:
… or have been published:
You can search the multimedia archives:
You can change sports results:
You can send SMS to all subscribers of Netzeitung's Premium subscription:
Oh, and you can view the account data (user name, real name, e-mail address and mobile phone number) of all subscribers. It seems that you can only search by name for them – however, a surname like Müller is quite common in Germany:
Oh yes, and why does Netzeitung.de want every reference to news services AP and DPA removed from the articles?
Netzeitung.de has been notified of this problem.
themaastrix
/ April 10, 2007well done – i didn't have the time to check for the "obvious" accounts 😉