[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] [Raq4] Directory Listing Exploit found.
- Subject: RE: [cobalt-users] [Raq4] Directory Listing Exploit found.
- From: "Kai" <go@xxxxxxxxxxxx>
- Date: Sun Mar 24 18:01:02 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
I have that script to.
What I want is to NOT let this script run. It lists every directory on the
RaQ and *ANYONE* can run it. So all your customers can look at your files...
and look at other sites etc.
I have the same program that you have below. It's cool. Slightly better
uptime though: Uptime : 92 days, 23 hours, 41 minutes :)
Ciao
-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of GF
Sent: Monday, 25 March 2002 7:21 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] [Raq4] Directory Listing Exploit found.
> I know what you're thinking. "This has been addressed i the archives. You
> use: Options -Indexes in the access.conf file".
> However... This DOES work for normal directory listing. However... PHP
seems
> to bypass this. It has it's own permissions or something.
> So.. How do we make PHP abide by these rules too.. because this script i
> have can show u anyting
and the name of the script is?
a little favourite of mine is sysinfo/index.php which is a single file,
needs NO modification, just upload to anywhere on a php server, and it
gives you all sorts of useful system information, you can see a demo running
at http://213.38.74.210/sysinfo/ on an old raq2 of mine
_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users