longvnit Posted December 24, 2009 Report Share Posted December 24, 2009 I am testing hosting server using Plesk Panel 9.2I got some problems about security.When i used webshell (http://www.guru.net.vn/kshell_1.2.zip) or same code:Code:<%@ Language=VBScript %><%On Error Resume NextDim oScriptDim gURLgURL = Request.ServerVariables("APPL_PHYSICAL_PATH")Set oScript = Server.CreateObject("WSCRIPT.SHELL")Call oScript.Run ("c:\\WINDOWS\\system32\\cmd.exe",1,True)%>Then user IWAM_Plesk (Default) of plesk panel can execute files in system32, example: cmd.exe, regedit.exe ...Other, it can hacked web directory of other users in server.When i add permission of cmd.exe : Everyone : Deny All then plesk admin's webpage error.I can't fix problems.Please help me ! Thanks so much . Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.