Bugtraq archives for 3rd quarter (Jul-Sep) 1997: Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable

Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable

Aleph One (aleph1DFW.NET)
Fri, 5 Sep 1997 16:03:11 -0500

---------- Forwarded message ----------
Date: Fri, 5 Sep 1997 12:43:14 -0700
From: M. Bracewell <markbORA.COM>
To: NTBUGTRAQNTADVICE.COM
Subject: Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable

>O'Reilly's webserver 'website' contains a demo package that contains
>the cgi-program uploader.exe.
>The program uploader.exe doesn't check anything at all.....

This hole did exist prior to the July 1996 revision of uploader.bas,
when I added a security fix.
The fix has been available since that time at
http://software.ora.com/techsupport/software/updates.html
The revised uploader was also included in WebSite 1.1g.




--
Mark Bracewell         markboreilly.com
RFC 793 2.10. - Robustness Principle:
TCP implementations will follow a general principle of robustness:
be conservative in what you do, be liberal in what you accept from others.