[thelist] Able to get to other users on server folders

Darrell King darrell at webctr.com
Wed May 16 11:22:42 CDT 2001


Speaking technically and not from a security standpoint:  why not?  If you're in a shared environment, and their disk space is world-readable, why wouldn't you be able to see it?  If the space is writable (and most virtual server directories are)....

D

On Wed, 16 May 2001 12:13:56 -0400
"Gina K. Anderson" <gina at sitediva.com> wrote:

:Hi all,
:
:I just found a real disturbing thing while using FTP on a shared server for one
:of my clients. I was uploading an update, and accidentally hit the "up
:directory" too many times. I stumbled into the entire user list directory. From
:there I was able to get into as many directories as I clicked on, and downloaded
:a few jpg's just to see if I could. I did not do anything else, nor enter
:folders that looked private. I thought it might be a fluke, so I disconnected,
:and followed the same steps. I could repeat the process above. I didn't try to
:upload, just because of the ethics involved. I have screen shots of each step,
:and the download process of another user's stuff (jpgs).
:
:Before I go ranting off to the hoster, who has (or at least *had* 5 years ago
:when I set them up through them) a very good reputation--is this normal
:practice? I have never seen a shared server that lets you into root allowing
:access to other users' folders? What's up with this???
:


-- 


The Web Center, Inc.
http://webctr.com
admin at webctr.com
1/877.349.3230 | 1/716.349.3230

CGI Programming | Web Development | Database Programming
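
The permission question raised in this thread, as an added example that is not part of the original messages: a Python audit that reports, for each customer directory under a shared parent, which "other" permission bits let neighbouring accounts list, enter, or write to it. The directory names and modes are a constructed sample, and `exposure`, `audit_homes` and `build_sample` are hypothetical helper names.

```python
import os
import stat
import tempfile

# Permission bits for the "other" class, i.e. every other account on the box.
OTHER_BITS = {
    "listable": stat.S_IROTH,     # others can list file names
    "traversable": stat.S_IXOTH,  # others can enter and open files by name
    "writable": stat.S_IWOTH,     # others can create or delete entries
}


def exposure(path):
    """Return the names of the 'other' bits set on path."""
    mode = os.stat(path, follow_symlinks=False).st_mode
    return [name for name, bit in OTHER_BITS.items() if mode & bit]


def audit_homes(base):
    """Map each user directory under base to what other accounts can do in it."""
    report = {}
    for entry in sorted(os.scandir(base), key=lambda e: e.name):
        if entry.is_dir(follow_symlinks=False):
            found = exposure(entry.path)
            if found:
                report[entry.name] = found
    return report


def build_sample(root):
    """Constructed sample layout: four hypothetical customer directories."""
    for name, mode in [("alice", 0o755), ("bob", 0o750),
                       ("carol", 0o777), ("dave", 0o711)]:
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)  # explicit chmod so the umask does not interfere
    os.chmod(root, 0o755)     # parent listable: the "user list directory" case
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        print("parent:", exposure(root))
        for user, bits in audit_homes(root).items():
            print(f"{user}: {', '.join(bits)}")
```

A directory with mode 750 drops out of the report entirely, while 711 still lets other accounts open files whose names they already know.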



