Plesk 8 Also Insecure, Even With Php Safe Mode On

[Markus@]

I just found an exploit when using Perl.

Via Perl you are able to access folders and files with incorrect file permission settings, same thing, cp /virus.script /directorywithwrongpermissions and then system("/dir/virus.script");

ET VOILA PLESK HACKED AGAIN!!!!!!!!!!!!!!!!!!!

Plesk also support hackers!

 

[jamxUK]

How does PHP safe mode being enabled have anything to do with a PERL exploit?

 

[Who-m3]

You do realize that PERL and PHP are two completely separate languages, handled by different interpreters, and processed completely separately from each other...right? I mean, come on! Stop blaming plesk for the insecurities you're having.

If I remember correctly, plesk uses mod_perl, why aren't you blaming the people over at the apache project, or the people at php, or the people at perl? I mean come on! You're just trying to blame everyone else for your inability to manage your server correctly. Granted, this will probably make you direct your attacks at me, but with your recent posts, I no longer care what you say.

Good luck with your control panel project, which you've stated you're starting. And best of luck securing it against people that really want in.

 

[Markus@]

Simple, use a php script to upload or move CGI files to the /TMP directory and execute them via PHP.

 

[Linulex]

Originally posted by Markus
Simple, use a php script to upload or move CGI files to the /TMP directory and execute them via PHP.

If it is possible to execute files in /tmp then you lack some default security on your server. /tmp should always be mounted as noexec

http://www.eth0.us/tmp

http://www.eth0.us/taxonomy/term/10

regards
Jan