Bugtraq mailing list archives

Re: WWWBoard Vulnerability

From: sparling () SLIP NET (Samuel Sparling)
Date: Tue, 10 Nov 1998 22:56:08 -0800


I'd like to mention that the patch I gave a few days ago (in the "WWWBoard
Vulnerability" posting), also protects against other bogus followup errors
(whereas, w/o the patch, somebody using the exploit script, or just a form,
could post w/ an followup value of for instance "44,blah", and the script
would create a file called blah.html.) Although the file created when doing
that is empty, it will not show up in the "WWWAdmin" script, other than
that, there isn't any problem I've yet found with that.
Samuel Sparling

Current thread:

Re: klogd 1.3-22 buffer overflow, (continued)
- - - Re: klogd 1.3-22 buffer overflow Peter van Dijk (Nov 11)
  - Re: [Linux] klogd 1.3-22 buffer overflow Cory Visi (Nov 11)
  - Re: [Linux] klogd 1.3-22 buffer overflow Martin Schulze (Nov 17)
    - Re: [Linux] klogd 1.3-22 buffer overflow Michal Zalewski (Sep 12)
    - Re: [Linux] klogd 1.3-22 buffer overflow security () PENGUIN NET AU (Nov 17)
    - Update to Microsoft Security Bulletin (MS98-015) Aleph One (Nov 18)
    - Multiple KDE security vulnerabilities (root compromise) David G. Andersen (Nov 18)
    - Sun Security Bulletin #00179 Aleph One (Nov 18)
    - Re: Sun Security Bulletin #00179 Jonathan A. Zdziarski (Nov 19)
- Re: WWWBoard Vulnerability Spartak Radchenko (Nov 10)
  - Re: WWWBoard Vulnerability Samuel Sparling (Nov 10)
- world-readable shadow backups in SuSe 5.2 HD Moore (Nov 10)
  - mSQL dummies Peter Boutzev (Nov 11)
  - Re: world-readable shadow backups in SuSe 5.2 Erik (Nov 11)
    - Bootpd 2.4.3 tmp race Marcelo Tosatti (Nov 12)
    - Re: world-readable shadow backups in SuSe 5.2 Roman Drahtmueller (Nov 12)
    - More msql... Peter Boutzev (Nov 12)
  - Re: world-readable shadow backups in SuSe 5.2 Andrew Pitman (Nov 11)
  - Re: world-readable shadow backups in SuSe 5.2 xnec (Nov 11)