Re: [cobalt-security] MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL) COBALT-550

["alex" <alex@xxxxxxxxxxxxxxxxx>]

I see you are from a company that works with cobalt 550, have you solved
this problem?

----- Original Message ----- 
From: "Jamie - Serverstream" <jamie@xxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Friday, June 06, 2003 7:04 PM
Subject: RE: [cobalt-security] MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL)
COBALT-550


> No,
>
> But now every Skiddie and wanna be hacker out there does!
>
> Nice one
>
>
> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] On Behalf Of alex
> Sent: 06 June 2003 18:01
> To: cobalt-developers@xxxxxxxxxxxxxxx; cobalt-security@xxxxxxxxxxxxxxx;
> cobalt-users@xxxxxxxxxxxxxxx
>
> MAJOR UNSOLVED BUG IN THE GUI(WEBPANEL) COBALT-550
>
> I sent a radiance to SUN two months ago and Sun engineers haven't solved
> this problem.
>
> I think that problem know is known by many people but it is not solved
>
> If you are an adminsite you can acces to all the adminsite accounts of the
> server, you only have to change the url variable.
> I'm going to give you an example:
>
> I'm the adminsite of domain.com, I acces the GUI SITE ADMIN and the url
that
> i have in the browser is:
>
>
https://www.domain.net:81/nav/cList.php?root=sitemanageRoot&group=site13&hos
> tname=www.domain.net&goto=base_userList
>
> If I change the site number from site13  to 12 then i'll be the
> administrator of site12.
>
> Anyone knows how to solve it?
>
> Thank
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>