The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

**Hack warning** Interchange

Discussion in 'General Discussion' started by smejworth, Mar 28, 2004.

  1. smejworth

    smejworth Registered

    Joined:
    Nov 7, 2003
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Not sure how affected cpanel's install is, but a hack exists to display the username & password of the database interchange is using.

    As cpanels default behaviour is to give the same username and password to ssh, ftp & mysql etc it could possibly give complete access to virtual hosts.

    Here is a quick wodge, don't know if it fixes it completly:

    your_interchange_catalog_dir/special_pages/missing.html

    Remove all instances of

    @@MV_PREV_PAGE@@

    &

    [subject]


    Hope noone got bitten!
     
  2. haze

    haze Well-Known Member

    Joined:
    Dec 21, 2001
    Messages:
    1,550
    Likes Received:
    3
    Trophy Points:
    38
    Or even better... disable it altogether :) And hey.. thats what the interchange developers suggest as well!
     

Share This Page