Current time: 11-25-2024, 02:39 PM Hello There, Guest! (LoginRegister)


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Security hole in ISPCP 1.0.5
Author Message
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #16
RE: Security hole in ISPCP 1.0.5
Well - if /var/log *is* destroyed then someone needs root privileges.

But with root privileges you do not need to create ftp users in the panel...

So there were maybe two incidents???

Finding an ispcp login password should only be possible with/by sniffing or social engineering (or try and error - if you have the hash).

Reading the ispcp-login-hash needs access to the ispcp database - which needs a mysql root-privileged account...

Indeed very strange what happened here...

/J
07-20-2010 11:16 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Messages In This Thread
Security hole in ISPCP 1.0.5 - Alex Joe - 07-14-2010, 07:38 AM
RE: Security hole in ISPCP 1.0.5 - Nuxwin - 07-14-2010, 07:42 AM
RE: Security hole in ISPCP 1.0.5 - RatS - 07-14-2010, 05:38 PM
RE: Security hole in ISPCP 1.0.5 - ZooL - 07-15-2010, 06:31 AM
RE: Security hole in ISPCP 1.0.5 - gOOvER - 07-15-2010, 06:56 AM
RE: Security hole in ISPCP 1.0.5 - nuke3d - 07-16-2010, 06:36 PM
RE: Security hole in ISPCP 1.0.5 - kilburn - 07-16-2010, 07:39 PM
RE: Security hole in ISPCP 1.0.5 - joximu - 07-16-2010, 08:12 PM
RE: Security hole in ISPCP 1.0.5 - kilburn - 07-20-2010, 08:32 PM
RE: Security hole in ISPCP 1.0.5 - nuke3d - 07-20-2010, 09:23 PM
RE: Security hole in ISPCP 1.0.5 - joximu - 07-20-2010 11:16 PM

Forum Jump:


User(s) browsing this thread: 3 Guest(s)