In my opinion, security of web apps is a cumulative task where you secure everything that can be secured within reason. So far, these are the points:<br><br>1. If a reverse DNS lookup can yield the IP address of <a href="http://domains.safaricom.co.ke">domains.safaricom.co.ke</a>, we have a target.<br>
2. Due to the lack of custom 404 error handlers, we know the target runs RHEL5<br>3. We also know there is a database on that target, we just need to find the port its using.<br>4. We have a possibly working <a href="http://domains.safaricom.co.ke/webim/client.php">username</a> for that database, its a matter of guessing the password.<br>
5. We know that <a href="http://www.securityfocus.com/bid/36449/info">PHP 5.2.9</a> has specific vulnerabilities on RHEL5<br><br>If I was running that server, I would rather not have the facts above available to the general public, regardless of whether that server hosts &quot;hello world&quot; pages or not.<br>
<br>Next question I would ask, is <a href="http://domains.safaricom.co.ke">domains.safaricom.co.ke</a> a target worthy of the effort?<br>