On Tuesday, September 30, 2003 11:24 AM [GMT+0800=SGT], Raj Mathur <[EMAIL PROTECTED]> wrote:
>>>>>> "Sandip" == Sandip Bhattacharya <[EMAIL PROTECTED]> >>>>>> writes: > > Sandip> Raj Mathur wrote: > >> [Please upgrade if you use webfs on any platform -- Raju] > >> > >> > >> CAN-2003-0832 - When virtual hosting is enabled, a remote > >> client could specify ".." as the hostname in a request, > >> allowing retrieval of directory listings or files above > the >> document root. > > Sandip> This is so crazy! > > Hmm, why? Because I would assume the author would check at least this code path. -- Sanjeev, who last programmed 10 years ago in COBOL, and ran. _______________________________________________ ilugd mailing list [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd
