3
3ASistemi
Guest
Hi all,
Some weeks ago someone hacked our webserver...
We've made some researches and test and we've found a security flaw on the following pages:
login.php3
login_up.php
top.php3
This flaw can permit an attacker to read files that are stored on the hd.
Example:
https://URLOFTHEPLESKPANEL/login_up...cale_id=../../../../../../../../boot.ini .jpg
We've tested it with plesk for windows 8.1 and 8.1.1, but we didn't found any information on this exploit. Is there already an hotfix? How can we solve that?
Some weeks ago someone hacked our webserver...
We've made some researches and test and we've found a security flaw on the following pages:
login.php3
login_up.php
top.php3
This flaw can permit an attacker to read files that are stored on the hd.
Example:
https://URLOFTHEPLESKPANEL/login_up...cale_id=../../../../../../../../boot.ini .jpg
We've tested it with plesk for windows 8.1 and 8.1.1, but we didn't found any information on this exploit. Is there already an hotfix? How can we solve that?