
Re: [cobalt-users] [Raq4] Directory Listing Exploit found.



Jonathan Michaelson wrote:

> Indeed. It's also very trivial. I've written a perl CGI script in the last
> few minutes that any user could upload to their hosting account and run that
> trawls the whole server listing all files that you can read, write and
> execute.

...<stuff snipped from middle>...

> In this environment, if you're sticking with the Cobalt configuration,
> client education is probably your most effective tool. Running CGI scripts
> such as this one helps you find those clients that need that education to
> help protect themselves _from_ themselves.

So, are you going to release the script for our administration use
<smile>?

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA  92517
voice: (909) 778-9980  *  fax: (702) 548-9484
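
The script discussed in this thread was not posted in the message. As an added example (not Jonathan Michaelson's Perl script and not Cobalt's own tooling), here is one way an administrator could run the audit the quoted text describes: walk a site tree and report, per owning UID, every file or directory whose mode grants access to "other". The function names and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile
from collections import defaultdict

# Permission bits granted to "other", i.e. every local account, including
# the account that other customers' CGI scripts run as.
OTHER_BITS = {"r": stat.S_IROTH, "w": stat.S_IWOTH, "x": stat.S_IXOTH}

def audit_tree(root):
    """Walk root and return {owner_uid: [(path, flags), ...]} for every
    file or directory below it that grants any access to "other"."""
    findings = defaultdict(list)
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable while walking
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            flags = "".join(c if st.st_mode & bit else "-"
                            for c, bit in OTHER_BITS.items())
            if flags != "---":
                findings[st.st_uid].append((path, flags))
    return dict(findings)

def world_writable(findings):
    """Subset to chase first: paths any local user can modify."""
    return sorted(p for items in findings.values() for p, f in items if "w" in f)

def build_sample_tree():
    """Constructed sample data: three files with different modes."""
    root = tempfile.mkdtemp(prefix="site-audit-")
    for name, mode in (("private.cfg", 0o600), ("guestbook.dat", 0o666),
                       ("index.html", 0o644)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    for uid, items in audit_tree(root).items():
        for path, flags in items:
            print(uid, flags, path)
```

Grouping by owner UID gives the list of accounts whose owners need the follow-up the quoted text calls client education.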