[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] [Raq4] Directory Listing Exploit found.

Subject: Re: [cobalt-users] [Raq4] Directory Listing Exploit found.
From: Nico Meijer <nico.meijer@xxxxxxxxx>
Date: Sun Mar 24 20:48:01 2002
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Hi,

> What I want is to NOT let this script run.

php.ini makes it easy to disallow execution of certain functions. For example, you can block usage of phpinfo() to offer some protection. Maybe that would offer some relief?

> It lists every directory on the
> RaQ and *ANYONE* can run it.

Only a customer can install it. Customers are easily kicked off of machines if necessary. You do have an AUP?

Good luck... Nico

Follow-Ups:
- RE: [cobalt-users] [Raq4] Directory Listing Exploit found.
  - From: Kai

References:
- Re: [cobalt-users] [Raq4] Directory Listing Exploit found.
  - From: GF
- RE: [cobalt-users] [Raq4] Directory Listing Exploit found.
  - From: Kai

Prev by Date: RE: [cobalt-users] Can I turn a Raq4i into a RaQ4r?
Next by Date: Re: [cobalt-users] Can I turn a Raq4i into a RaQ4r?
Previous by thread: RE: [cobalt-users] [Raq4] Directory Listing Exploit found.
Next by thread: RE: [cobalt-users] [Raq4] Directory Listing Exploit found.

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index