--- Siberian <siberian@sentry-labs.com> a écrit : > the file modified was lspro_list_header.txt I think, which > permissions were set to 666. Are they using a simple put to > modify? Is put supported by any webserver by default? Yes it is, by IIS (is this really a surprise? :) If your permissions are wrong, it will accept "anonymous" PUT, without a password. As far as I know, there is no simple way to disable the PUT or DELETE method in IIS. In Apache, they are disabled by default and you have to uncomment a couple of lines scattered in the configuration file if you really want to shoot you in the foot. > Here is the vendor URL: > http://www.listsitepro.com/ What am I supposed to find here? ___________________________________________________________ Do You Yahoo!? -- Pour faire vos courses sur le Net, Yahoo! Shopping : http://fr.shopping.yahoo.com
This archive was generated by hypermail 2b30 : Tue Jul 10 2001 - 08:16:32 PDT