On Aug 1, 2006, at 7:14 PM, [EMAIL PROTECTED] wrote:
3. after that you will get the address like this in the address bar of
your browser.
=================================================
http://sample.co.jp/cgi-bin/qmailadmin/com/delmailinglistnow?user=postmaster&dom=sample.co.jp&time=1154482055&

4.k! now the main point. ENTER the URL.
=================================================
10.10.10.30 - - [02/Aug/2006:10:29:45 +0900] "GET /cgi-bin/qmailadmin/com/delmailinglistnow?user=postmaster&dom=sample.co.jp&time=1154482055& HTTP/1.1" 200 8058 "-" "Mozillla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"


5. and look under the domain directory.
ALL DIRECTORY HAS BEEN DELETED...vpasswd and etc,, everything gone...

Confirmed. If you edit the URL to remove the "modu" parameter, it will delete the entire domain directory.

I'll add a patch to have qmailadmin ensure that "modu" is an actual mailing list before going through with the delete. I imagine that there are other instances where modifying the URL would result in things you don't want. I'm not sure I'd call this a bug, but it would certainly be a good idea to modify the code to validate the input better.

--
Tom Collins  -  [EMAIL PROTECTED]
Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/
QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/
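
The check described in the reply above, as an added example (this is not QmailAdmin source and not the patch mentioned in the thread): refuse the delete unless "modu" names an existing list. The function names, the allowed character set, and the idea that a list is a subdirectory of the domain directory are assumptions made for illustration.

```c
/* Added example, not qmailadmin source; function names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* A list name must be non-empty, must not start with '.', and may only use
 * characters that cannot form a path separator. */
int valid_list_name(const char *name)
{
    if (name == NULL) return 0;
    size_t len = strlen(name);
    if (len == 0 || len > 64 || name[0] == '.') return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '-' && c != '_' && c != '.') return 0;
    }
    return 1;
}

/* Fill out with the directory to delete; return 0 if allowed, -1 if refused.
 * Assumption: a request with no "modu" arrives here as NULL or "", the case
 * the thread reports as deleting the whole domain directory. */
int list_delete_target(const char *domain_dir, const char *modu,
                       char *out, size_t outlen)
{
    struct stat st;
    if (!valid_list_name(modu)) return -1;
    int n = snprintf(out, outlen, "%s/%s", domain_dir, modu);
    if (n < 0 || (size_t)n >= outlen) return -1;
    /* Assumption: a list is a real subdirectory (not a symlink) of the domain. */
    if (lstat(out, &st) != 0 || !S_ISDIR(st.st_mode)) return -1;
    return 0;
}

int main(void)
{
    char path[512];
    /* Constructed inputs; "." stands in for a domain directory. */
    const char *tests[] = { "", "..", "a/b", "nosuchlist" };
    for (size_t i = 0; i < sizeof tests / sizeof tests[0]; i++)
        printf("modu=\"%s\" -> %s\n", tests[i],
               list_delete_target(".", tests[i], path, sizeof path)
                   ? "refused" : "allowed");
    return 0;
}
```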

