1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Plesk Injection Vulnerability

Discussion in 'Plesk 9.x for Windows Issue, Fixes, How-To' started by MichaeC, Feb 17, 2012.

  1. MichaeC

    MichaeC Guest

    We installed the necessary patches on 9.5.4 last night, and this morning STILL saw some logins to accounts.

    Need to know the following:

    1. How did they get the usernames to begin with?
    2. Do they have the passwords now?
    3. How are they still doing this?

    The log is not showing much that they did when logging in or even if they got in at all using the API (the one in logs under admin)

    Need more information about this..
  2. Blake@Parallels

    Blake@Parallels Regular Pleskian

    Jul 28, 2008
    Likes Received:
    Seattle, WA
    See here: http://forum.parallels.com/showthread.php?p=616004#post616004