[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] [Raq4] Directory Listing Exploit found.
- Subject: Re: [cobalt-users] [Raq4] Directory Listing Exploit found.
- From: "Jonathan Michaelson" <michaelsonjd@xxxxxxxxxxx>
- Date: Mon Mar 25 00:23:03 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Hello,
> All of the symbolic links in /home/sites are world-readable. So anyone
with
> shell access or any script written in a language which doesn't limit
access
> to certain directories (or alternately disallow access to certain
> directories) will be able to access those files. This is normal.
Indeed. It's also very trivial. I've written a perl CGI script in the last
few minutes that any user could upload to their hosting account and run that
trawls the whole server listing all files that you can read, write and
execute.
It's interesting running it on a server where you have hosting clients. It's
amazing just how many clients have used 777 or 666 permissions on
directories and files which allows _anyone_ to write to them. The scariest
are those that have cgi scripts with 777 which allows _anyone_ to modify
that CGI script and (for example) delete that sites entire website. No need
for anything as nice as shell access or PHP, simply allowing CGI scripts
gets the job done.
In this environment, if you're sticking with the Cobalt configuration,
client education is probably your most effective tool. Running CGI scripts
such as this one helps you find those clients that need that education to
help protect themselves _from_ themselves.
Regards,
Jonathan Michaelson
Commercial CGI Products
http://www.webumake.com