[thelist] DJC -- Major Security Hole in Evolt.org?
Burhan Khalid
burhankh at hotmail.com
Wed Dec 5 23:30:20 CST 2001
Hey Daniel (and all) :
I thought I might share with you what I discovered while testing out a
script that I thought was intersting. The script provides a shell interface
via the web (its PHP based). Using it, I was able to get root access to leo!
I was browsing around the entire tree, and could have (if I was some evil
person) delted everyone's meo accounts! If you (Daniel), want access to this
script, email me off list and I will send you the URL and password to login.
Lets plug this hole and make evolt and (in theory) the net a safer place.
Regards,
Burhan Khalid
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
More information about the thelist
mailing list