[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL) COBALT-550
- Subject: [cobalt-security] MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL) COBALT-550
- From: "alex" <alex@xxxxxxxxxxxxxxxxx>
- Date: Fri, 6 Jun 2003 19:00:42 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL) COBALT-550
I sent a radiance to SUN two months ago and Sun engineers haven't solved
this problem.
I think that problem know is known by many people but it is not solved
If you are an adminsite you can acces to all the adminsite accounts of the
server, you only have to change the url variable.
I'm going to give you an example:
I'm the adminsite of domain.com, I acces the GUI SITE ADMIN and the url that
i have in the browser is:
https://www.domain.net:81/nav/cList.php?root=sitemanageRoot&group=site13&hostname=www.domain.net&goto=base_userList
If I change the site number from site13 to 12 then i'll be the
administrator of site12.
Anyone knows how to solve it?
Thank