[thelist] Able to get to other users on server folders
Gina K. Anderson
gina at sitediva.com
Wed May 16 11:12:17 CDT 2001
Hi all,
I just found a real disturbing thing while using FTP on a shared server for one
of my clients. I was uploading an update, and accidentally hit the "up
directory" too many times. I stumbled into the entire user list directory. From
there I was able to get into as many directories as I clicked on, and downloaded
a few jpg's just to see if I could. I did not do anything else, nor enter
folders that looked private. I thought it might be a fluke, so I disconnected,
and followed the same steps. I could repeat the process above..I didn't try to
upload, just because of the ethics involved. I have screen shots of each step,
and the download process of another user's stuff (jpgs).
Before I go ranting off to the hoster, who has (or at least *had* 5 years ago
when I set them up through them) a very good reputation--is this normal
practice? I have never seen a shared server that lets you into root allowing
access to other users folders? What's up with this???
Gina
More information about the thelist
mailing list