RE: [cobalt-users] <PHP Off Topic>
- Subject: RE: [cobalt-users] <PHP Off Topic>
- From: "Jim Carey" <ozbcoz@xxxxxxxxxxxxxxxx>
- Date: Tue Jun 19 06:43:13 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
>
> I recently discovered, by accident, a small *bug*
> I wrote this file managing system, put it on the web, and all of a
> sudden I could browse through the entire cobalt server. This could cause
> a security hazard...
>
> --Thijs Boonstra
>
Had the same thing - using PHPNuke and had a module in there that could be
passed a file name and it would display that file. No checks to see if the
file name was below document root. A kind gentleman in Russia sent me a
display of my /etc/passwd file that he had sourced from this module :-)
I have since closed that hole !!
cheers
Jim Carey
www.OZbcoz.com discount domain registration
www.iluvoz.com affordable hosting services
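
The missing check described in the message above (is the requested file below document root?), as an added example that is not part of the original post and is not PHPNuke code. The function name resolve_inside() and the demo directory layout are hypothetical; the sample files are constructed in the temp directory so the script runs offline.

```php
<?php
/**
 * Return the canonical path of $requested if it resolves to a regular file
 * inside $baseDir, otherwise null. (Hypothetical helper for illustration.)
 */
function resolve_inside(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and duplicate slashes and follows symlinks,
    // so the comparison below is made on the file that would really be opened.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare with a trailing separator so a sibling directory such as
    // "htdocs-private" does not pass as being inside "htdocs".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed demo tree (not from the original post).
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'docroot_demo_' . getmypid();
mkdir($tmp . '/htdocs/pages', 0700, true);
mkdir($tmp . '/htdocs-private', 0700, true);
file_put_contents($tmp . '/htdocs/pages/about.txt', "public page\n");
file_put_contents($tmp . '/htdocs-private/secret.txt', "not for the web\n");

// File names as a display module might receive them in a request parameter.
$requests = [
    'pages/about.txt',               // inside the root
    'pages/../pages/about.txt',      // still inside after normalisation
    '../htdocs-private/secret.txt',  // sibling directory sharing the name prefix
    '../../../../etc/passwd',        // climbs out of the root
    '/etc/passwd',                   // absolute path
    'pages/missing.txt',             // does not exist
];
foreach ($requests as $name) {
    $path = resolve_inside($tmp . '/htdocs', $name);
    printf("%-32s %s\n", $name, $path === null ? 'REJECTED' : 'served: ' . basename($path));
}

// Remove the constructed demo tree.
array_map('unlink', [$tmp . '/htdocs/pages/about.txt', $tmp . '/htdocs-private/secret.txt']);
array_map('rmdir', [$tmp . '/htdocs/pages', $tmp . '/htdocs', $tmp . '/htdocs-private', $tmp]);
```

Only the first two requests are served; the other four are rejected because the canonical path either does not exist or falls outside the base directory.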