Re: WWWBoard Vulnerability

From: Samuel Sparling (sparlingat_private)
Date: Tue Nov 10 1998 - 22:56:08 PST

Next message: Balazs Nagy: "Xinetd /tmp race?"

Previous message: D. J. Bernstein: "Re: tcpd -DPARANOID doesn't work, and never did"
Maybe in reply to: Samuel Sparling: "WWWBoard Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'd like to mention that the patch I gave a few days ago (in the "WWWBoard
Vulnerability" posting), also protects against other bogus followup errors
(whereas, w/o the patch, somebody using the exploit script, or just a form,
could post w/ an followup value of for instance "44,blah", and the script
would create a file called blah.html.) Although the file created when doing
that is empty, it will not show up in the "WWWAdmin" script, other than
that, there isn't any problem I've yet found with that.
Samuel Sparling

Next message: Balazs Nagy: "Xinetd /tmp race?"
Previous message: D. J. Bernstein: "Re: tcpd -DPARANOID doesn't work, and never did"
Maybe in reply to: Samuel Sparling: "WWWBoard Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:22:48 PDT