Howard547
08-04-2001, 02:02 AM
Imnot going to act like a "homo thug" like that other guy di a few weeks ago.
While testing out php's file functions, I was able to read most directories and files on the servers. I was unable to open any UNix password files, but I was able to go through people's php and cgi files unparced. A lot of yall are saying bigwoop, but many people keep there admin password and database passwords in these files. I didn't go looking through anybodies admin sites or databases though.
The reason I think this is a CPanel bug is because all CPanel sites are in the directory (usualy "/home")on a virtual host. With php file functions I was able to read all of the directories in this file. Then when I would try to open on of these files, it siad I din't have permission. But since CPanel sites are pretty much identical I opend the directory "/home/accountname/public_html", and I was able to read through everyones unparsed information.
My question is...Where do I go to report this?
While testing out php's file functions, I was able to read most directories and files on the servers. I was unable to open any UNix password files, but I was able to go through people's php and cgi files unparced. A lot of yall are saying bigwoop, but many people keep there admin password and database passwords in these files. I didn't go looking through anybodies admin sites or databases though.
The reason I think this is a CPanel bug is because all CPanel sites are in the directory (usualy "/home")on a virtual host. With php file functions I was able to read all of the directories in this file. Then when I would try to open on of these files, it siad I din't have permission. But since CPanel sites are pretty much identical I opend the directory "/home/accountname/public_html", and I was able to read through everyones unparsed information.
My question is...Where do I go to report this?