[cobalt-users] HACK !! - PHP HTTP File Editor
- Subject: [cobalt-users] HACK !! - PHP HTTP File Editor
- From: "Steven Depuydt - www.BeNe.WS" <Steven@xxxxxxx>
- Date: Sat Jan 18 06:21:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Hello List,
I downloaded this little PHP script from the following location:
http://www.gintonyx.de/php_html_editor.html
With this script it's possible that ANY user of your server with FTP-access
(to copy the PHP-files to your server), can BROWSE & READ the COMPLETE
directory structure of your server with his browser !!
So it's possible to VIEW/READ EVERY FILE on the server. Even the files that
are not owned by that user !!
So it's possible to view the passwords & logins of the MySQL databases in
PHP-files.
That user can hack your database and who knows what else he can find on your
server.
What can we do against this ?
THANKS FOR YOUR COMMENTS !!
Steven Depuydt