[cobalt-users] Major security issue - PHP
- From: "Simon Pierce"<simon@xxxxxxxxxxxxxxx>
- Date: Wed May 2 00:22:02 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
A site administrator on a RaQ3 installed a script that allowed him to browse and manipulate files on the RaQ3 through a browser. The script required he set the system path to his web space, but he set it wrong - instead of putting '/home/sites/site3/web' he put '/home/sites/site2/web'. The script then allowed him full access to site2 - someone else's site. He could delete the files if he wished.
The user on the RaQ3 didn't do anything malicious - he deleted the script and informed me. Surely there is a way of preventing this?