
[cobalt-users] Cobalt RaQ2 - a user of mine changed my admin password



--- Chuck Pitre - Technical Support <chuck@xxxxxxxxxxx>:
Date:         Thu, 27 Jan 2000 17:29:56 -0700
Reply-to: Chuck Pitre - Technical Support <chuck@xxxxxx>
From: Chuck Pitre - Technical Support <chuck@xxxxxx>
Subject:      Cobalt RaQ2 - a user of mine changed my admin password..
To: BUGTRAQ@xxxxxxxxxxxxxxxxx

Needless to say that was scary :)
anyhow I rather feel embarrassed about this one
(actually I can't believe I didn't think of it myself)

I've pasted his email to me below.  
I have not yet attempted to duplicate the bug.

-- snip snip --

To replicate this bug you must have Site Administrator access to one of
the accounts on the server.  When you go into the Site Management for a
site and select the User Management option, you get a list of the usernames
that have been setup for that account.  The green pencil edit icon is a 
command to execute the JavaScript function modify() and it passes the 
username as the only variable into the function.  To properly execute a 
function from the Location Bar in Netscape, the HTML page has to be the 
top frame.  I simply opened the userList.html file in a new frame.

When you type "javascript: modify( 'admin' );" into the Location Bar, 
the modify() function returns a URL.  The URL returned when accessing it 
from my site is
"http://207.153.19.154:81/cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi?username=admin&group=site151&949015199230".

This loads a standard Modify User page for the "admin" account.  However,
when you attempt to change this information by clicking the "Confirm Modify"
button, it returns a JavaScript error because the function that it calls upon
is dependent on the frame layout of the Site Management page.  To overcome
this issue I simply downloaded two HTML files to my hard disk.  One is
the index.html file, the other is the right.html file.  I basically
changed the index.html file to call upon the URLs on my site and had it load
the right.html file locally off my hard disk.  I then changed the right.html
file to load the URLs on my site but changed the "main" frame source to
"http://207.153.19.154:81/cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi?username=admin&group=site151&949015199230"
- the Modify User page for the "admin" account.

It then loads up with all the correct frames AND the Modify User
page for the "admin" account.  I very simply just enter a new password 
for the user and click "Confirm Modify" and presto!  The admin password 
is changed allowing me access to the Server Management page showing all 
the server's clients, IP addresses, domain names, and ability to access 
all the client's contact people, telephone numbers, usernames, and
passwords.  

I also could delete any sites/files or download any sites/files.
I then had full access via FTP to the site showing the root directory of 
the server, and the ability to delete any evidence via the /log/ directory.

I hope this answers any of the questions you had, and the whole process 
took me under 5 minutes!

-- snip snip --

the user's email address is skirkham@xxxxxxxxxxxxxxx
if you have any questions about it...


     ----->One Connection, A Million Places To Go<-----

                      Chuck Pitre
          OA Group of Technologies, Internet Division
                     Network Operations

(780) 425-5151 ext 556 telephone
(780) 425-3852 fax
1-888-663-1336 Toll Free
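
Added example, not part of the original post and not Cobalt's code: the report describes siteUserMod.cgi serving and accepting a Modify User request for username=admin from a Site Administrator's session, so the check that was missing is a server-side comparison of the target account against the caller's own site. The session identity, the membership tables and the host name below are assumptions made for illustration.

```javascript
// Constructed sample data (hypothetical names): members of each site group,
// and the one site each Site Administrator manages.
const SITE_MEMBERS = new Map([
  ["site151", new Set(["alice", "bob"])],
  ["site152", new Set(["carol"])],
]);
const SITE_ADMINS = new Map([["alice", "site151"], ["carol", "site152"]]);

// Constructed host; the path and query shape are the ones quoted in the post.
const CGI = "http://raq.example:81/cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi";

// Return the single value of a query parameter, or null if it is missing,
// empty or repeated (a repeated key may be read differently by other parsers).
function single(params, key) {
  const values = params.getAll(key);
  return values.length === 1 && values[0] !== "" ? values[0] : null;
}

// Decide server-side whether `caller` may open or submit Modify User for the
// account named in the URL. `caller` is the authenticated session user and is
// never taken from the request. The trailing bare number in the query string
// (e.g. &949015199230) carries no authority and is ignored.
function authorizeModify(caller, rawUrl) {
  const params = new URL(rawUrl).searchParams;
  const username = single(params, "username");
  const group = single(params, "group");
  if (!username || !group) return { allow: false, reason: "bad parameters" };

  const callerSite = SITE_ADMINS.get(caller);
  if (!callerSite) return { allow: false, reason: "not a site administrator" };
  if (group !== callerSite) return { allow: false, reason: "foreign site" };

  const members = SITE_MEMBERS.get(group);
  if (!members || !members.has(username)) {
    return { allow: false, reason: "target not in caller's site" };
  }
  return { allow: true, reason: "ok" };
}

// The request from the post is refused; editing a user of one's own site passes.
console.log(authorizeModify("alice", CGI + "?username=admin&group=site151&949015199230"));
console.log(authorizeModify("alice", CGI + "?username=bob&group=site151&949015199230"));
```

The same decision has to run both when the Modify User form is served and when "Confirm Modify" is submitted, since the frame layout and the modify() link in the browser restrict nothing on the server.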