Full Disclosure mailing list archives

Re: unarj dir-transversal bug (../../../..)


From: Chris Umphress <umphress () gmail com>
Date: Mon, 11 Oct 2004 03:38:38 -0700

That was certainly a useful explanation. Isn't stuff on this list
supposed to be readable? Anyhow, if I'm reading what you've said
correctly, it's supposed to work that way. Most programs pass the
"../" (or "..\") to the OS to handle.

-- Chris

On Sun, 10 Oct 2004 15:43:10 -0700, doubles () hush com <doubles () hush com> wrote:
yyoo  wwaassssuupppp????????????????  ddoouubblleess  iiss  hheerree
 ttoo
rroocckk  ddaa  hhoouussee  nndd  ttoo  tthhrrooww  uunnaarrjj  ddiirr-
-
ttrraannssvveerrssaall  bbuugg  iinn  yyaarr  ffaaccee!!  ''''uunnaarrjj
ee''''  uunnppaacckkss  aallll  ddaa  sshhiitt  ttoo  ddaa  ccuurrrreenntt
ddiirr  ''''uunnaarrjj  xx''''  uunnppaacckkss  ttoo  mmaannyy  ddiirrss
 nndd
iitt  aaiinntt  ggoonnnnaa  cczzeecchh  iiff  yyoouu  hhaavvee  ddaa
 eevviill
''''....//....//....//....//....//....''''  sshhiitt  iinn  ddaa  ppaatthh!!
ddoouubblleess

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



-- 
Chris Umphress <http://daga.dyndns.org/>
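
The check that the quoted report says `unarj x` does not make, written out as an added example (it is not part of either message and not unarj's own code): an extractor validating each stored member name itself before handing it to the OS. The function name and the sample names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: returns 1 if a stored archive member name may be
 * created beneath the extraction directory, 0 if it could land outside it.
 * Both '/' and '\' count as separators, since ARJ archives come from DOS. */
int member_path_is_safe(const char *name)
{
    const char *p = name;

    if (name == NULL || *name == '\0')
        return 0;
    /* Absolute paths ignore the extraction directory entirely. */
    if (*p == '/' || *p == '\\')
        return 0;
    /* DOS drive prefix such as "C:" */
    if (((p[0] >= 'A' && p[0] <= 'Z') || (p[0] >= 'a' && p[0] <= 'z')) && p[1] == ':')
        return 0;

    while (*p != '\0') {
        size_t len = strcspn(p, "/\\");   /* length of one path component */

        /* Reject any ".." component; names that merely contain dots
         * ("notes..txt", "...") are ordinary file names and pass. */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        p += len;
        if (*p != '\0')
            p++;                          /* step over the separator */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample member names, not taken from a real archive. */
    const char *names[] = { "docs/readme.txt", "../../../../etc/passwd",
                            "..\\..\\autoexec.bat", "notes..txt" };
    size_t i;

    for (i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-26s %s\n", names[i],
               member_path_is_safe(names[i]) ? "extract" : "refuse");
    return 0;
}
```

A purely lexical check like this does not account for symbolic links that already exist inside the extraction directory.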
