Re: [cobalt-users] All folders visable on whole server
- Subject: Re: [cobalt-users] All folders visable on whole server
- From: "Franklin S. Werren" <fswerren@xxxxxxxxxxxx>
- Date: Fri Dec 8 11:17:01 2000
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Hi All;
After testing this tool,
I am surprised at how easy it was to install and how easy
it was to use.... And this tool is the most dangerous
cgi script I have ever seen!!!
I thought Commander was dangerous to a webserver....
but because this has an easy GUI it makes it a tool
crackers would love....
I tried it on my Cube 2 and after I tested it, I deleted it......
I think that admins should not allow any cgi until
patches are made or keep an eye on what your
customers use for cgi......
In most cases Domain owners will not hack a server,
They do not want to lose their access....
Server owners should be aware of this new tool....
If you are an ISP and you use any Linux box
maybe you should be careful if you allow cgi
scripting for your customers free web area....
Franklin S. Werren, webmaster@xxxxxxxxxxxx www.bagpipes.net
Modem Madness Ringmaster at www.madbbs.com/webring/
ICQ 8556386 or fswerren46 on AOL's IM or fswerren46 for MSN Messenger
Frank's Radio, P.O. Box 990, Sherman NY 14781-0990
www.franksradio.net
For the best ISP in Chautauqua County NY and North West Pa
go to www.madbbs.com They treat you right.
----- Original Message -----
From: "Stephan P. Muecke" <smuecke@xxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Friday, December 08, 2000 10:05 AM
Subject: [cobalt-users] All folders visable on whole server
> Hi,
>
> I just found out that it is possible for a "normal" user on a RaQ3 to access
> all system directories using "AdminPro" (www.craigrichards.com).
>
> Also I haven't tried out if you can read those files, I think that it's not
> so good if a user can view the list of all domains hosted on the RaQ, so I
> wanted to ask you what is your opinion on that topic? Is there a possibility
> to disallow that on a server?
>
> steve