• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

I've run into an area where i shouldn't have access..

A

admin123

Guest
http://www.********.com/admin/

I typed the above in by accident and was able to get into the above directory which doesn't even exist and this is what it lists:

[DIR] Parent Directory -
[TXT] admin.css 29-Jul-2004 05:13 2.0K
[ ] banner.jsp 29-Jul-2004 05:13 2.1K
[ ] blank.jsp 29-Jul-2004 05:13 526
[ ] buttons.jsp 29-Jul-2004 05:13 441
[DIR] connector/ 30-May-2005 08:10 -
[DIR] context/ 30-May-2005 08:10 -
[DIR] defaultcontext/ 30-May-2005 08:10 -
[ ] dumpRegistry.jsp 29-Jul-2004 05:13 1.0K
[ ] dumpServer.jsp 29-Jul-2004 05:13 796
[ ] error.jsp 29-Jul-2004 05:13 716
[TXT] footer.jsp 19-Mar-2004 06:49 0
[ ] header.jsp 29-Jul-2004 05:13 309
[DIR] host/ 30-May-2005 08:10 -
[DIR] images/ 30-May-2005 08:10 -
[ ] index.jsp 29-Jul-2004 05:13 1.0K
[DIR] logger/ 30-May-2005 08:10 -
[ ] login.jsp 29-Jul-2004 05:13 2.6K
[DIR] realm/ 30-May-2005 08:10 -
[DIR] resources/ 30-May-2005 08:10 -
[ ] saved.jsp 29-Jul-2004 05:13 968
[DIR] server/ 30-May-2005 08:10 -
[DIR] service/ 30-May-2005 08:10 -
[TXT] tree-control-test.css 29-Jul-2004 05:13 325
[ ] tree-control-test.jsp 29-Jul-2004 05:13 824
[DIR] users/ 30-May-2005 08:10 -
[DIR] valve/


...And when I click on "Parent Directory" link, it takes me here:

This is the placeholder for domain *******.com. If you see this page after uploading site content you probably have not replaced the index.html file.

This page has been automatically generated by Plesk.

....Anybody got a clue where this directory came from, where it is and why i can have direct access to it like this.

thanks
 
Looks like the Tomcat admin stuff. Do a locate command

locate tree-control-test.jsp

and on a default Plesk 7.5.3 you should only have a single occurence of the file in

/var/tomcat4/server/webapps/admin/ folder

But normally on a default Plesk server that shouldn't happen. Did you maybe do a separate tomcat (or JSP) related install?? Maybe Jakarta?

Plesk does install Tomcat 4 / Jakarta for use in the control panel, but other than linking it to port 8443, the only other way to bring up the admin page/folder would be to browse:

http://domain.tld:8080
http://domain.tld:8080/admin

AFAIK anyways...
 
Back
Top