[8494] in bugtraq
Re: WWWBoard Vulnerability
daemon@ATHENA.MIT.EDU (Spartak Radchenko)
Tue Nov 10 18:49:09 1998
Date: Tue, 10 Nov 1998 14:11:39 +0300
Reply-To: Spartak Radchenko <spartak@AIF.RU>
From: Spartak Radchenko <spartak@AIF.RU>
X-To: Samuel Sparling <sparling@SLIP.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199811091701.MAA29170@netspace.org>
I advise you not to use any of Matt Wright programs. According to my
experience they are full of various bugs (at least, the program that I
tried to use).
I tried to use his Web counter (TextCounter C++ Version 1.3) and it was
full of absolutely lame errors. His attemts to invent a new way of
file locking was simply ridiculous. After several attempts to correct
these errors I came to conclusion that its design is invalid beyond repair
and simply rewrote it from the scratch.
An example from
http://www.worldwidemart.com/scripts/cgi-bin/c_download.cgi?s=textcounter&c=txt&f=tcounter.cpp:
// Generate the lock filename.
lock_file = new char[count_page_len + 4];
strcat(lock_file,data_dir);
strcat(lock_file,count_page);
strcat(lock_file,".lck");
No comments...
My email to Matt Wright about these bugs was ignored.
Spartak Radchenko SVR1-RIPE
Arguments & Facts Weekly
On Mon, 9 Nov 1998, Samuel Sparling wrote:
> Recently, many vulnerabilities have been found in the popular "WWWBoard
> v2.0 ALPHA" script written by Matt Wright, this is yet another. When the
