On Tue, Sep 21, 1999 at 03:51:09PM -0700, Mark Jeftovic wrote:
> At 01:24 PM 9/20/99 +0100, Chris Ridd wrote:
> >Does anyone maintain a list of WWWBoard bugs? (As Matt Wright clearly
> >isn't interested...)
>
> Doesn't look like it. I posted a vulnerability in his guestbook script
> to this list about 2 years ago (ironically entitled "Guestbook script
> is still vulnerable") and looking at it today ...the guestbook script
> is still vulnerable.

Matt Wright is one of the worst, but check out
http://www.ultimatebb.com/home/firsttimeinstall.html
for a few good laughs:

"UNIX and All Others:
If you are installing on a UNIX-based server, you must set
your permissions as follows:

Set your NON CGI directory to 777.
Set your Members Directory to 777. Within the Members directory, set the
Admin5.cgi to 777, as well.
Set your CGI Directory to 755. Within the CGI directory, set all files to 755,
except for the variable files (mods.file, Styles.file, UltBB.setup and
forums.cgi), which should be set to mode 777.

If your web server does not allow you to have files set to mode 777 within
the CGI directory, you will need to make the changes noted here. Most
web servers do not have this restriction. "

Not even a note that this could be bad.

Patrick

-- 
Patrick Oonk - PO1-6BONE - patrickat_private - www.pine.nl/~patrick
Pine Internet B.V.         PGP key ID BE7497F1
Tel: +31-70-3111010 - Fax: +31-70-3111011 - http://www.pine.nl/
--
Pine Security Digest - http://security.pine.nl/ (Dutch) ----
Excuse of the day: Digital Manipulator exceeding velocity parameters
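
Added example, not part of the original message or of any project's code: a small audit that walks an install tree and reports every world-writable entry, separating directories from executable files, which is what the quoted mode-777 instructions produce. The sample layout is constructed; the names "noncgi", "cgi-bin" and "board.cgi" are hypothetical stand-ins, and only the modes and the other file names come from the quoted text.

```python
import os
import stat
import tempfile

def audit_tree(root):
    """Return sorted (relative path, octal mode, kind) for world-writable entries."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)              # lstat: do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue                     # a link's own permission bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            if not mode & stat.S_IWOTH:
                continue                     # "other" cannot write: not reported
            if stat.S_ISDIR(st.st_mode):
                # Without the sticky bit any local user can rename or delete entries.
                kind = "dir-sticky" if mode & stat.S_ISVTX else "dir"
            elif mode & 0o111:
                kind = "exec"   # code the web server runs, replaceable by any local user
            else:
                kind = "data"
            findings.append((os.path.relpath(path, root), format(mode, "o"), kind))
    return sorted(findings)

# Constructed sample: modes follow the quoted install instructions; the names
# "noncgi", "cgi-bin" and "board.cgi" are hypothetical stand-ins.
SAMPLE = [
    ("noncgi/", 0o777), ("Members/", 0o777), ("Members/Admin5.cgi", 0o777),
    ("cgi-bin/", 0o755), ("cgi-bin/board.cgi", 0o755),
    ("cgi-bin/mods.file", 0o777), ("cgi-bin/Styles.file", 0o777),
    ("cgi-bin/UltBB.setup", 0o777), ("cgi-bin/forums.cgi", 0o777),
]

def build_sample(root):
    for rel, mode in SAMPLE:
        path = os.path.join(root, rel.rstrip("/"))
        if rel.endswith("/"):
            os.mkdir(path)
        else:
            open(path, "w").close()
        os.chmod(path, mode)   # chmod explicitly so the umask does not mask bits

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, mode, kind in audit_tree(tmp):
            print(f"{mode:>4} {kind:<10} {rel}")
```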