Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Full-Disclosure] unarj dir-transversal bug (../../../..)
Date: Tue Oct 12 2004 - 02:49:53 CDT
On Mon, 11 Oct 2004 12:50:20 -0700 Chris Umphress <umphressgmail.com>
> chrischris:~/test$ arj a test.arj ../../../usr/local/bin/test.txt
ya have ''.'' in yar PATH! bwahahahah!
>Apart from it removing one "../" from the filename I gave it, it
>worked exactly as I expected.
dis is powerfull security whole! im writting a exploit for it right now
in visual cobol!
czech this out::
Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
Promote security and make money with the Hushmail Affiliate Program:
Full-Disclosure - We believe in it.