[thelist] DJC -- Major Security Hole in Evolt.org?

Burhan Khalid burhankh at hotmail.com
Wed Dec 5 23:30:20 CST 2001


Hey Daniel (and all) :

  I thought I might share with you what I discovered while testing out a 
script that I thought was interesting. The script provides a shell interface 
via the web (it's PHP-based). Using it, I was able to get root access to leo! 
I was browsing around the entire tree, and could have (if I was some evil 
person) deleted everyone's meo accounts! If you (Daniel) want access to this 
script, email me off list and I will send you the URL and password to login.

  Let's plug this hole and make evolt and (in theory) the net a safer place.

Regards,
Burhan Khalid


