
Re: [cobalt-users] All folders visable on whole server



Hi All;

There is a cgi script called Commander
that will run basic Linux commands
This appears to be a clone of this...
All you do is disallow cgi scripting......
This has been around for several years.....
If you have a server that does not shadow passwords
You're TOAST!!!

Commander will allow the cp, dir, and more.....
all you do is use this script and have cgi-bin access
chmod the 2 files that come with Commander....Bingo!!!
I have tested out Commander on several different
domains on different Hosting companies...... Like WOW!
The crackers love this tool..... as long as it is an inside job.

I will run a full test of this program on my Qube2 and several other
servers.


Franklin S. Werren, webmaster@xxxxxxxxxxxx   www.bagpipes.net
Modem Madness Ringmaster at www.madbbs.com/webring/
ICQ 8556386 or fswerren46 on AOL's IM or fswerren46 for MSN Messenger

Frank's Radio, P.O. Box 990, Sherman NY 14781-0990
www.franksradio.net
For the best ISP in Chautauqua County NY and North West Pa
go to www.madbbs.com    They treat you right.



----- Original Message -----
From: "Stephan P. Muecke" <smuecke@xxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Friday, December 08, 2000 10:05 AM
Subject: [cobalt-users] All folders visable on whole server


> Hi,
>
> I just found out that it is possible for a "normal" user on a RaQ3 to access
> all system directories using "AdminPro" (www.craigrichards.com).
>
> Also I haven't tried out if you can read those files, I think that it's not
> so good if a user can view the list of all domains hosted on the RaQ, so I
> wanted to ask you what is your opinion on that topic? Is there a possibility
> to disallow that on a server?
>
> steve
>
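An audit sketch for the two exposures raised in this thread (password hashes left in the passwd file, and site directories that every local account can list), added here as an example and not part of either message. The function names, the sample accounts, the sample hash and the directory tree are all constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for a shared web host (not from the thread).

# Print accounts whose passwd-format field 2 holds a hash, i.e. the password
# is not shadowed. "x", "*", "!"-locked and empty fields are not hashes.
unshadowed_accounts() {
    awk -F: '$2 != "" && $2 != "x" && $2 != "*" && $2 !~ /^!/ { print $1 }' "$1"
}

# Print directories under $1 that any local account (the "other" class) can
# list (o+r) or traverse (o+x). A CGI script run by another customer gets
# the same access as that class.
world_accessible_dirs() {
    find "$1" -type d \( -perm -004 -o -perm -001 \) -print | sort
}

# Demo on constructed data: a sample passwd file and a sample site tree.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
site1:abJnggxhB/yJk:500:500:constructed hash:/home/sites/site1:/bin/sh
site2:x:501:501::/home/sites/site2:/bin/sh
nobody:*:99:99::/:/bin/false
EOF
    mkdir -p "$tmp/sites/site1/web" "$tmp/sites/site2/web"
    chmod 755 "$tmp/sites" "$tmp/sites/site1" "$tmp/sites/site1/web"
    chmod 750 "$tmp/sites/site2" "$tmp/sites/site2/web"
    echo "Unshadowed accounts:"
    unshadowed_accounts "$tmp/passwd"
    echo "World-accessible directories:"
    world_accessible_dirs "$tmp/sites"
    rm -rf "$tmp"
}
demo
```

On a real host, point the first function at the system passwd file and the second at the directory that holds the hosted sites.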