Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Subject: Re: A new problem in apache ?
From: Tony Finch (dotdotat.at)
Date: Sun Oct 08 2000 - 17:58:55 CDT
- Next message: Roman Shterenzon: "Re: Check Point FW-1"
- Previous message: Wes Peters: "Re: Check Point FW-1"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
"Andrey A. Chernov" <achenagual.pp.ru> wrote:
>> Here are some example RewriteRule directives. The first is vulnerable, but the others are not
>> RewriteRule /test/(.*) /usr/local/data/test-stuff/$1
>Looks like famous ../../../ trick can be used.
Yes, but you have to be reasonably cunning to get a ../../../.. into
the path whilst avoiding the checks for it.
I've posted more information about this problem to bugtraq.
-- en oeccget g mtcaa f.a.n.finch v spdlkishrhtewe y dotdotat.at eatp o v eiti i d. fanfcovalent.net
To Unsubscribe: send mail to majordomoFreeBSD.org with "unsubscribe freebsd-security" in the body of the message