Vulnerability Development mailing list archives
Re: CGI source being exposed using "~"
From: phi-vuldev () EXORSUS NET (phi-vuldev () EXORSUS NET)
Date: Mon, 8 May 2000 12:01:43 +1000
Heh. Real simple problem there :)

Unix editors often leave backups as <originalfilename>~, your ISP is foolish enough to leave these files lying around in their web tree. You're just downloading the old versions of the scripts since the last edit with emacs, or vi or joe.

A simple deny for *~ in the Apache config would fix it, preferably paired with something that regularly goes around deleting ~ files in the web tree.

Beware that a fair few websites can suffer from this problem. We deny *~ *.old *.bak *.backup etc etc

Phi
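
The periodic sweep the message above recommends, sketched as an added example that is not part of the original post. The function names and the `--delete` switch are assumptions of this example, and the Apache 2.4 deny rule in the comment is likewise an added illustration covering the same four patterns.

```shell
#!/bin/sh
# Added example: find (and optionally delete) editor backup files in a web tree.
# Patterns are the ones named in the message: *~ *.old *.bak *.backup
#
# Companion deny rule for Apache 2.4 (added illustration, not from the post):
#   <FilesMatch "(~|\.old|\.bak|\.backup)$">
#       Require all denied
#   </FilesMatch>

# backup_find DOCROOT [find-actions...]
# Match regular files only, so directories and symlinks are never touched.
backup_find() {
    docroot=$1
    shift
    [ -d "$docroot" ] || { echo "not a directory: $docroot" >&2; return 2; }
    find "$docroot" -type f \( \
        -name '*~' -o -name '*.old' -o -name '*.bak' -o -name '*.backup' \
    \) "$@"
}

# list_backups DOCROOT: report only, safe to run as an audit.
list_backups() {
    backup_find "$1" -print
}

# delete_backups DOCROOT: print each match, then remove it.
# "--" stops rm from treating an odd filename as an option.
delete_backups() {
    backup_find "$1" -print -exec rm -f -- {} +
}

# Stand-alone use: sweep.sh DOCROOT [--delete]
if [ $# -ge 1 ]; then
    case ${2:-} in
        --delete) delete_backups "$1" ;;
        *)        list_backups "$1" ;;
    esac
fi
```

Running the report mode from cron and reviewing its output before enabling `--delete` avoids removing a file someone deliberately named `*.old`.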