Security Breach between accounts

vrinteractive · Feb 21, 2005

So I have tested this with a couple of domains on different platforms.

I have two domains
www.mydomain.com : user mydomain
www.yourdomain.com : user yourdomain

http://mydomain.com:2082/frontend/x/indexmanager/index.html?dir=/home/mydomain/public_html/
use mydomain to login

then go to

http://yourdomain.com:2082/frontend/x/indexmanager/index.html?dir=/home/yourdomain/public_html/
you can go in and edit this without having to re-authenticate.
This seems like a SIGNIFICANT security hole.

Please advise

jester.ro · Feb 21, 2005

doesn't work on 3 servers that i tested on.

vrinteractive · Feb 21, 2005

I'm running on:
WHM 10.0.0 cPanel 10.0.0-R85
Fedora i686 - WHM X v3.1.0

chirpy · Feb 21, 2005

If you can recreate the issue, then you should inform [email protected] immediately.

Edit: Your user account password isn't the same as your root or reseller password is it?

ntwaddel · Feb 21, 2005

it does not work on my server either

vrinteractive · Feb 21, 2005

I believe it was that sessions were not disconnecting after logout. my apologies

Thread starter	Similar threads	Forum	Replies	Date
A	ModSecurity to disable for Wordpress	Security	8	Aug 28, 2023
K	Modsecurity and cpanel questions	Security	3	Aug 19, 2023
	go-pear.phar security breach	Security	4	Jan 23, 2019
N	server security is breached?	Security	3	Sep 6, 2013
H	Security Breach In Proftpd	Security	0	May 23, 2004

Search

Search

Security Breach between accounts

vrinteractive

Member

jester.ro

Well-Known Member

vrinteractive

Member

chirpy

Well-Known Member

ntwaddel

Well-Known Member

vrinteractive

Member