[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] [Raq4] Directory Listing Exploit found.

Subject: RE: [cobalt-users] [Raq4] Directory Listing Exploit found.
From: "Mevers Automatisering - Mevershosting.nl" <info@xxxxxxxxxxxxxxxx>
Date: Mon Mar 25 02:25:36 2002
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Just set PHP to Safe_Mode than they will not be able to open any file others
then their own.


Gr R
-----Original Message-----
From: Kai [mailto:go@xxxxxxxxxxxx]
Sent: maandag 25 maart 2002 16:12
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-users] [Raq4] Directory Listing Exploit found.


Seems to work. Only issue is, is that they can still browse down to
/home/sites and view my customers data. Hmmmm

Thanks though. I appreciate your help. Oh well. My customers will
have to deal with it until my admin can figure something out.

Atleast they cant look below /home/sites

Kai

-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of george
Sent: Monday, 25 March 2002 11:53 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] [Raq4] Directory Listing Exploit found.


At 13:05 25/03/2002 +0000, you wrote:



Can't you set open_basedir within the php.ini file to prevent this


George






> > I have that script to.
> >
> > What I want is to NOT let this script run. It lists every directory on
the
> > RaQ and *ANYONE* can run it. So all your customers can look at your
>files...
> > and look at other sites etc.
>
>you STILL haven't named the script, why not? is it secret?
>
>it would help us knowing what the script is...
>
>_______________________________________________
>cobalt-users mailing list
>cobalt-users@xxxxxxxxxxxxxxx
>To Subscribe or Unsubscribe, please go to:
>http://list.cobalt.com/mailman/listinfo/cobalt-users
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner


--
This message has been scanned for viruses and
dangerous content by MailScanner

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users


_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users

Follow-Ups:
- RE: [cobalt-users] [Raq4] Directory Listing Exploit found.
  - From: Gerald Waugh

Prev by Date: Re:[cobalt-users] How to create VPNs on Cobalt Qube 3]
Next by Date: Re: [cobalt-users] [Raq4] Directory Listing Exploit found.
Previous by thread: Re:[cobalt-users] How to create VPNs on Cobalt Qube 3]
Next by thread: RE: [cobalt-users] [Raq4] Directory Listing Exploit found.

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index