[1092] in WWW Security List Archive
Re: Unix links subverting Web security
daemon@ATHENA.MIT.EDU (Lincoln D. Stein)
Fri Oct 27 14:54:49 1995
Date: Fri, 27 Oct 1995 10:55:15 -0500
To: www-security@ns2.rutgers.edu
From: lstein@genome.wi.mit.edu (Lincoln D. Stein)
Errors-To: owner-www-security@ns2.rutgers.edu
Don't forget that remote users can view .htaccess with ease just by asking
for the URL!
http://your-site/.htaccess
Lincoln
>At 11:31 AM 10/26/95, Steff Watkins wrote:
>
>> Hello all,
>>
>> forgive me if this is an 'FAQ' type of question.
>>
>> Using the CERN/3.0 WebServer (I haven't tried it with NCSA yet), I noticed
>> the following.
>>
>> I logged in as myself (in normal user mode), changed to the 'USER_DIR' of my
>> account and then did the following:
>>
>> ln -s /etc/passwd test.doc
>
>It just occurred to me that if you're going to troll for these, you ought to
>look under the name ".htaccess".
>
>At first I thought, "why would a user do something that stupid." Then I
>thought of a reason someone might. ~sigh~
>
>Chris
>
>Chris Garrigues cwg@DeepEddy.Com
> Deep Eddy Internet Consulting +1 512 432 4046
> 609 Deep Eddy Avenue
> Austin, TX 78703-4513 USA http://www.DeepEddy.Com/~cwg/
========================================================================
Lincoln Stein, M.D.,Ph.D. lstein@genome.wi.mit.edu
Director: Informatics Core
MIT Genome Center (617) 252-1916
Whitehead Institute for Biomedical Research (617) 252-1902 FAX
One Kendall Square
Cambridge, MA 02139
=================http://www-genome.wi.mit.edu/~lstein====================
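
An added example, not part of the original thread: a defender-side audit for the two exposures discussed above, symbolic links in a served directory that resolve outside it and entries named .htaccess that sit inside the served tree. The names `audit_docroot` and `build_sample_tree`, and the sample tree itself, are assumptions constructed for illustration.

```python
import os
import tempfile


def audit_docroot(docroot):
    """Return sorted (kind, relative_path) findings for a served directory tree.

    'escaping-symlink': a link whose target resolves outside docroot.
    'htaccess': any entry named .htaccess, whether a file or a link.
    """
    root = os.path.realpath(docroot)
    findings = []
    # followlinks=False: list links but never descend through them.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name == ".htaccess":
                findings.append(("htaccess", rel))
            if os.path.islink(path):
                target = os.path.realpath(path)  # broken links resolve as far as possible
                if os.path.commonpath([root, target]) != root:
                    findings.append(("escaping-symlink", rel))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample: a user web directory containing one of each case."""
    pub = os.path.join(base, "public_html")
    os.makedirs(os.path.join(pub, "docs"))
    outside = os.path.join(base, "secret.txt")  # stands in for a file outside the web tree
    with open(outside, "w") as f:
        f.write("not for publication\n")
    with open(os.path.join(pub, "index.html"), "w") as f:
        f.write("<html></html>\n")
    with open(os.path.join(pub, "docs", ".htaccess"), "w") as f:
        f.write("# access rules\n")
    os.symlink(outside, os.path.join(pub, "test.doc"))        # leaves the tree
    os.symlink("index.html", os.path.join(pub, "home.html"))  # stays inside the tree
    return pub


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, rel in audit_docroot(build_sample_tree(tmp)):
            print(f"{kind:18} {rel}")
```

A link that is itself named .htaccess and points outside the tree is reported under both kinds.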