Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable
David J. Meltzer (davem ISS.NET)
Fri, 5 Sep 1997 17:30:33 -0400
- In reply to: Aleph One: "Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable"
> >O'reilly's webserver 'website' contains a demopackage that contains
> >the cgi-program uploader.exe.
> >The program uploader.exe doesn't check anything at all.....
>
> This hole did exist prior to the July 1996 revision of uploader.bas,
> when I added a security fix.
> The fix has been available since that time at
> http://software.ora.com/techsupport/software/updates.html
> The revised uploader was also included in WebSite 1.1g

FYI- The current WebSite Professional 2.0 Beta is vulnerable to the
uploader.exe problem. Of course being beta code it is expected to have bugs
but just want to be sure you are aware so it gets fixed before 2.0 hits a
release.

-Dave

--------------------------------+---------------------
David J. Meltzer                | Email: davemiss.net
Systems Engineer                | Web: www.iss.net
Internet Security Systems, Inc. | Fax: (770)395-1972