BugTraq ID: 1728
Remote: Yes
Date Published: 2000-09-29
Relevant URL:
http://www.securityfocus.com/bid/1728
Summary:

mod_rewrite is a module shipped with Apache 1.2 and later.  It is used to
map special URLs to absolute files on the web server's filesystem.

If the result of a RewriteRule directive maps to a filename that contains
regular expression references, an attacker may be able to view arbitrary
files on the host.

Example RewriteRule directives (only the first is vulnerable):

RewriteRule     /test/(.*)              /usr/local/data/test-stuff/$1
RewriteRule     /more-icons/(.*)                /icons/$1
RewriteRule     /go/(.*)                http://www.apacheweek.com/$1

(excerpted from Apache development list 09-22)
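
A configuration audit for the pattern described above, as an added example that is not part of the original advisory or of Apache. It flags RewriteRule directives whose substitution is a filesystem path containing a regular expression reference. Assumptions: a substitution counts as a filename when its first path segment is in the caller-supplied FS_ROOTS list (a constructed list, to be replaced with the audited host's top-level directories), and the function names are hypothetical.

```python
import re

# Assumption: top-level directories present on the audited host. This list
# stands in for "the result maps to a filename"; adjust it per host.
FS_ROOTS = frozenset({"usr", "var", "etc", "home", "opt", "srv", "data"})

BACKREF = re.compile(r"[$%]\d")   # $N (RewriteRule) or %N (RewriteCond) reference
SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")


def classify(substitution, fs_roots=FS_ROOTS):
    """Return 'external-url', 'file-with-backref', 'file' or 'url-path'."""
    if SCHEME.match(substitution):
        return "external-url"
    if substitution.startswith("/"):
        first = substitution.lstrip("/").split("/", 1)[0]
        if first in fs_roots:
            return "file-with-backref" if BACKREF.search(substitution) else "file"
    return "url-path"


def audit(config_text, fs_roots=FS_ROOTS):
    """Return (line_no, pattern, substitution, verdict) for each RewriteRule."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Whitespace split: quoted arguments containing spaces are not handled.
        parts = line.split()
        if len(parts) >= 3 and parts[0].lower() == "rewriterule":
            findings.append((no, parts[1], parts[2], classify(parts[2], fs_roots)))
    return findings


def flagged(config_text, fs_roots=FS_ROOTS):
    """Only the directives that match the pattern the advisory describes."""
    return [f for f in audit(config_text, fs_roots) if f[3] == "file-with-backref"]


# Sample input: the three directives quoted in the advisory.
SAMPLE = """\
# the three directives quoted in the advisory
RewriteRule     /test/(.*)              /usr/local/data/test-stuff/$1
RewriteRule     /more-icons/(.*)                /icons/$1
RewriteRule     /go/(.*)                http://www.apacheweek.com/$1
"""

if __name__ == "__main__":
    for no, pat, sub, verdict in audit(SAMPLE):
        print(f"line {no}: {pat} -> {sub}: {verdict}")
```

Run against a copy of httpd.conf by passing its text to flagged(); each hit is a rule to review against the vendor fix.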

