following screenshot is of me accessing the database of a sandwich
company, sending emails from their server and reading the order logs:
I was able to get all of this information simply by accessing the cgi-bin
folder, which was unprotected from being listed. So, instead of going to
http://example.com, I went to http://example.com/cgi-bin/ in
my browser. I knew something was wrong on their big Flash website when I
clicked on the menu. It popped up in a new window and had a URI like