Hosted.cc
01-08-2005, 03:43 PM
Gulftech.org finds security holes in online scripts. Here is a recent report:
Started by a webhost looking for more out of a simple managment script, Brandee Diggs (Owner of Spinn A Web Cafe, Founder of Benchmark Designs) setout to build an internal management system that could handle the day to day operations of a normal hosting company. The key was to remove the need to constantly watch your orders and manage the installs. Alas, WHM AutoPilot was born. [ as quoted from their official website ] WHM Autopilot is vulnerable to a number of vulnerabilities such as cross site scripting, file inclusion, and information disclosure.
For more information, visit: http://www.gulftech.org/?node=research
I don't know what should be done about this as I am not a user of autopilot, contact Gulftech for further details.
Started by a webhost looking for more out of a simple managment script, Brandee Diggs (Owner of Spinn A Web Cafe, Founder of Benchmark Designs) setout to build an internal management system that could handle the day to day operations of a normal hosting company. The key was to remove the need to constantly watch your orders and manage the installs. Alas, WHM AutoPilot was born. [ as quoted from their official website ] WHM Autopilot is vulnerable to a number of vulnerabilities such as cross site scripting, file inclusion, and information disclosure.
For more information, visit: http://www.gulftech.org/?node=research
I don't know what should be done about this as I am not a user of autopilot, contact Gulftech for further details.