[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL) COBALT-550
- Subject: RE: [cobalt-security] MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL) COBALT-550
- From: "Jamie - Serverstream" <jamie@xxxxxxxxx>
- Date: Fri, 6 Jun 2003 18:04:49 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
No,
But now every Skiddie and wanna be hacker out there does!
Nice one
-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] On Behalf Of alex
Sent: 06 June 2003 18:01
To: cobalt-developers@xxxxxxxxxxxxxxx; cobalt-security@xxxxxxxxxxxxxxx;
cobalt-users@xxxxxxxxxxxxxxx
MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL) COBALT-550
I sent a radiance to SUN two months ago and Sun engineers haven't solved
this problem.
I think that problem know is known by many people but it is not solved
If you are an adminsite you can acces to all the adminsite accounts of the
server, you only have to change the url variable.
I'm going to give you an example:
I'm the adminsite of domain.com, I acces the GUI SITE ADMIN and the url that
i have in the browser is:
https://www.domain.net:81/nav/cList.php?root=sitemanageRoot&group=site13&hos
tname=www.domain.net&goto=base_userList
If I change the site number from site13 to 12 then i'll be the
administrator of site12.
Anyone knows how to solve it?
Thank
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security