RE: [cobalt-users] userList.php possible exploit



> Two additions:
> 1) It doesn't have to be a site admin, any user will do
> 2) This bug affects every page/listing in the 550 GUI!

> It was reported on the Sun Support forums, back in Dec 2002.
> Solution is to patch the PHP code with authentication checks.

> --anders

> PS. Note that it is "only" viewing, modifying gives errors.



Hmm, I guess the inability to actually SAVE the screens you can get takes the
real bite out. Still, it is quite stupid that any user can see just about
everything from other hosted sites.

A quick search on the forums & KB didn't get me a thread about prior solutions,
so I guess the issue is too old. Do you know if there was an "official" way
to patch the code, or is it left to the users?

Bob.