[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] userList.php possible exploit

Subject: RE: [cobalt-users] userList.php possible exploit
From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon May 5 08:29:55 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

On Mon, 5 May 2003, H.P. Noordam wrote:
>
> Funny, i see all users, from all sites. The key seems to be the acceptance
> of the missing group numer at the end of the url by the script.
>
> the attached link shows a jpeg with multiple site admins. On the system,
> there is only one site admin for each hosted domain, so you are looking at
> users from about 10 different domains here. I can edit them too.

  Do you have all the patches installed?
  I only see the users for the site of the siteadmin that logged in.

Gerald
--
http://frontstreetnetworks.com | http://store.raqware.com
  Front Street Networks LLC, 229 Front Street, Ste.#C
  New Haven, CT 06513-3203 | phone: +1-203-785-0699

References:
- RE: [cobalt-users] userList.php possible exploit
  - From: H.P. Noordam

Prev by Date: RE: [cobalt-users] userList.php possible exploit
Next by Date: RE: [cobalt-users] How to stop SPAM senders?
Previous by thread: RE: [cobalt-users] userList.php possible exploit
Next by thread: Re: [cobalt-users] userList.php possible exploit

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index