[8497] in bugtraq
Re: WWWBoard Vulnerability
daemon@ATHENA.MIT.EDU (Samuel Sparling)
Wed Nov 11 12:11:34 1998
Date: Tue, 10 Nov 1998 22:56:08 -0800
Reply-To: Samuel Sparling <sparling@SLIP.NET>
From: Samuel Sparling <sparling@SLIP.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.BSF.3.96.981110133854.22092A-100000@oberon.aif.ru>
I'd like to mention that the patch I gave a few days ago (in the "WWWBoard
Vulnerability" posting), also protects against other bogus followup errors
(whereas, w/o the patch, somebody using the exploit script, or just a form,
could post w/ a followup value of for instance "44,blah", and the script
would create a file called blah.html.) Although the file created when doing
that is empty, it will not show up in the "WWWAdmin" script; other than
that, there isn't any problem I've yet found with that.
Samuel Sparling
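
The check the message describes, as an added example. It is not the patch referred to above and not WWWBoard's own code. It shows one way to reject a followup value such as "44,blah" before any part of it is used to build a filename. The helper name `parse_followup`, the temporary message directory and the sample values are assumptions made for illustration; the one-file-per-message `N.html` layout is inferred from the `blah.html` case in the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Hypothetical helper (not from WWWBoard): accept a followup value only if it
# is a comma-separated list of message numbers, each naming a message file
# that already exists in $msg_dir. Returns the ids, or an empty list.
sub parse_followup {
    my ($raw, $msg_dir, $ext) = @_;
    return unless defined $raw && length $raw;

    # Whole-string match with \A and \z: digits separated by single commas.
    # This rejects names, path separators, dots and trailing newlines.
    return unless $raw =~ /\A[0-9]{1,9}(?:,[0-9]{1,9})*\z/;

    my @ids = split /,/, $raw;
    for my $id (@ids) {
        # A followup may only point at a message that is already on disk,
        # so a posted value can never cause a new filename to be created.
        return unless -f "$msg_dir/$id.$ext";
    }
    return @ids;
}

# Constructed sample data: a scratch directory holding one message, 44.html.
my $dir = tempdir(CLEANUP => 1);
open(my $fh, '>', "$dir/44.html") or die "cannot create sample message: $!";
close($fh);

# Constructed followup values: one valid, the rest malformed or dangling.
for my $value ('44', '44,blah', '44,45', '44,../44', "44\n") {
    my @ids = parse_followup($value, $dir, 'html');
    (my $shown = $value) =~ s/\n/\\n/g;
    printf "%-10s %s\n", "\"$shown\"", @ids ? "accepted (@ids)" : "rejected";
}
```

Only "44" is accepted: "44,blah" and "44,../44" fail the pattern, "44,45" fails because no 45.html exists, and the trailing newline is caught by `\z`.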