View Single Post
  #14  
Old 28th January 2007, 14:10
Petr WhiskI Petr WhiskI is offline
Junior Member
 
Join Date: Aug 2006
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default Cross site security issues

Quote:
Originally Posted by djtremors
Authentication files are stored together in /home/admispconfig/ispconfig/web/ispc.awstats/.htpasswd as well as the websites home directory. ONLY the domains allowed users can access their own sites so there's no cross site security issues there.
Try this:
Log in stats of your site and change url in browser:
http://www.yoursite.tld/ispcstats/awstats.pl?config=www.another_site_on_the_same_isp.tld

So what do you thing about crossite security now?
Reply With Quote