
Re: [cobalt-users] All folders visible on whole server



On Fri, 8 Dec 2000 13:11:12 -0500, "Franklin S. Werren"
<fswerren@xxxxxxxxxxxx> wrote:

:>Hi All;
:>
:>There is a cgi script called Commander
:>that will run basic Linux commands
:>This appears to be a clone of this...
:>All you do is disallow cgi scripting......
:>This has been around for several years.....
:>If you have a server that does not shadow passwords
:>You're TOAST!!!

Shadow passwords are not used on the Qube2. All Qube2 folks could end up sunny
side up.

:>
:>Commander will allow the cp, dir, and more.....
:>all you do is use this script and have cgi-bin access
:>chmod the 2 files that come with Commander....Bingo!!!
:>I have tested out Commander on several different
:>domains on different Hosting companies...... Like WOW!
:>The crackers love this tool..... as long as it is an inside job.

Zap me, please.

:>I will run a full test of this program on my Qube2 and several other
:>servers.

Please do post the results.

:>----- Original Message -----
:>From: "Stephan P. Muecke" <smuecke@xxxxxxxxxxxxx>
:>Sent: Friday, December 08, 2000 10:05 AM
:>Subject: [cobalt-users] All folders visible on whole server

:>> I just found out that it is possible for a "normal" user on a RaQ3 to access
:>> all system directories using "AdminPro" (www.craigrichards.com).
:>>
:>> Also I haven't tried out if you can read those files, I think that it's not
:>> so good if a user can view the list of all domains hosted on the RaQ, so I
:>> wanted to ask you what is your opinion on that topic? Is there a possibility
:>> to disallow that on a server?