On Fri, 2003-01-17 at 16:58, njd 76 wrote: > Can RAQ4i people give this a try. I can get stright to my backup area > without logging in. I dont know if you can save it or not but all my cookies > were deleted when i tried it. Not sure if its a security hole but I perfer > SUN would fix this minor problem. > > http://<server_ip>:81/cgi-bin/.cobalt/netbackup/netbackup.cgi > > Please let me know what you guys find out there.
It really does not request authentication. It seems that it does not allow to change settings, though (but I did not check real hard). There are two more directories there that have missing .htaccess. One discloses a little piece of information. The other one (siteFPXsubweb) has access check in the code so is not a security problem. Eugene _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
