
High Security Flaw !!! Please read, all.

Discussion in 'Plesk for Windows - 8.x and Older' started by 3ASistemi, Apr 13, 2007.

Thread Status:
Not open for further replies.
  1. 3ASistemi

    3ASistemi Guest

    0
     
    Hi all,
    Some weeks ago someone hacked our webserver...

    We've done some research and tests and we've found a security flaw on the following pages:

    login.php3
    login_up.php
    top.php3

    This flaw can permit an attacker to read files that are stored on the hd.

    Example:

    https://URLOFTHEPLESKPANEL/login_up...cale_id=../../../../../../../../boot.ini.jpg

    We've tested it with Plesk for Windows 8.1 and 8.1.1, but we didn't find any information on this exploit. Is there already a hotfix? How can we solve that?
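
Added example, not part of the original post and not Plesk code: a check that scans web server access logs for requests to the three pages named above whose query parameters contain `..` path segments, as in the URL shown. It assumes Apache common/combined log format; the sample lines and the parameter name `param` are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Pages named in the post as affected.
AFFECTED_PAGES = {"login.php3", "login_up.php", "top.php3"}

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so multiply-encoded values are unwrapped too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if the decoded value contains a '..' path segment (/ or \\ separated)."""
    return ".." in re.split(r"[\\/]", fully_decode(value))

def suspicious_requests(log_lines):
    """Return (page, parameter, decoded value) for each traversal-style request."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        page = url.path.rsplit("/", 1)[-1]
        if page not in AFFECTED_PAGES:
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if has_traversal(value):
                hits.append((page, name, fully_decode(value)))
    return hits

# Constructed sample log lines; "param" is a placeholder parameter name.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Apr/2007:10:00:01 +0200] "GET /login_up.php?param=../../../../boot.ini.jpg HTTP/1.1" 200 211',
    '192.0.2.10 - - [13/Apr/2007:10:00:05 +0200] "GET /top.php3?param=%252e%252e%255cboot.ini HTTP/1.1" 200 211',
    '198.51.100.7 - - [13/Apr/2007:10:01:00 +0200] "GET /login.php3?param=en-US HTTP/1.1" 200 5120',
    '198.51.100.7 - - [13/Apr/2007:10:01:02 +0200] "GET /index.php?param=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for page, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"{page}: {name}={value!r}")
```

A hit with a 200 status and a small response size is worth correlating with the source address's other requests when reviewing an incident like the one described.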
     
  2. pdreissen

    pdreissen Guest

    0
     
    Unbelievable that nobody gives any response on this. That's why I really think that the majority of all users here don't care about security.

    Can confirm the above, this is really a big issue.

    Can someone from Plesk also check on this and give us at least some response?

    I believe Plesk stores the admin password in plain text in a file. With the above issue, is it possible to retrieve this file?
     
  3. kami@

    kami@ Guest

    0
     
  4. pdreissen

    pdreissen Guest

    0
     
    Well, I see the content of the file, don't YOU?
     
  5. sullo

    sullo Guest

    0
     
    I can't duplicate on my CentOS installation (changing to a unix file and not the Win file), so this may be a Windows only flaw.

    Did anyone open a support ticket?
     
  6. 3ASistemi

    3ASistemi Guest

    0
     
    See the picture, please

    Please,
    SWsoft programmers, see the attached picture,
    and resolve this BIG security HOLE...

    The problem persists in the 8.1 and 8.1.1 versions
    of Windows Plesk.
    P.S. The 8.1.1 is a fresh installation of Windows
    Server 2003 Web Edition and Plesk...


    ... excuse me, why don't I see my attachment?
    The picture is 87 KB???
     
  7. OlegB

    OlegB Guest

    0
     