HC7 Build 10 Security Bug
Hello all, can someone please verify this
1. Login to your control panel as a webadmin or reseller
2. Read the info below about changing address and then paste the following in your browsers navigation bar and click go
http://www.dcontrol.net/browsing/SubBrowsing.aspx?PF=1&WSID=592&OSType=Windows&ServerIP=0.0.0.0&FormName=frmAddPrivateFolder&FieldName=txtPhysicalPath&FieldValue=c%3a&SkipFiles=1&FromAddPrivateFolder=1
- Replace
http://www.dcontrol.net with your control panels url and port if not port 80
- Replace WSID=592 with a valid WebsiteID, this could be guessed i.e. 1, 2. 3, 10 etc etc it can also be found in the log folder of any domain as it specifies the website ID in the folder name and the log file name!
In the security settings for our servers on all partitions its set to only allow Administrators and SYSTEM, as hc executes as an administrator someone can view your entire server!
__________________
Chris Daley
Dwebs Ltd Director :: Company No. 05603664 :: Phone No. (UK) 0870 803 4423
www.Dhosting.co.uk - Web Hosting, Domain Registration
www.Dwebs.ltd.uk - Web Design & Other Services
My views are my own and not those of my company.