C99Shell in ispconfig
You can read the files of all clients
Originally Posted by till
Please use fastcgi and not cgi as I suggested above.
The screenshot does not mean much, it just tells you that you are able to access files inside your website directory which has to be the case if you wnat to run a php script in your site. Try to access files from another website that does not belong to the same client or add a file in /root as root user and then try to access that file to see if the sites are protected or not.
I now use fastcgi
how I can fix this hole?
Last edited by loadingjkr; 5th June 2012 at 22:44.