On Wed, 2005-12-28 at 16:29 -0700, Mark Stang wrote:
> David,
> Could you provide more details about how they accessed /etc/passwd?
>
> thanks,
>
> Mark
>
It was a URL something like:

Old Tapestry 3.0:
http://someserver/app/?service=asset&sp=S%2f..%2f..%2fetc%2fpasswd

Tapestry 3.0.3 adds a second squeezed parameter embedded in the CGI parameter sp which contains the message digest.

Tapestry 4.0 should look something like:
http://server/app/?service=asset&path=..%2f..%2f..%2fetc%2fpasswd&digest=an-md5-key

Hope that helps.

David WHITE
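
A server-side check for an asset request carrying a path and a digest, as in the Tapestry 4.0 URL above; this is an added example, not code from this thread or from Tapestry. The asset root, the secret, the class and method names, and the use of HMAC-SHA-256 as the keyed digest are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class AssetRequestCheck {
    // Hypothetical asset root and per-application secret (constructed values).
    static final Path ROOT = Paths.get("/srv/app/assets").normalize();
    static final byte[] SECRET = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);

    // Keyed digest over the decoded path (assumption: HMAC-SHA-256, hex encoded).
    static String digestFor(String path) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(SECRET, "HmacSHA256"));
        StringBuilder hex = new StringBuilder();
        for (byte b : mac.doFinal(path.getBytes(StandardCharsets.UTF_8))) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Returns the file to serve, or null when the request must be refused.
    static Path resolve(String path, String digest) throws Exception {
        if (path == null || digest == null) return null;
        // 1. Digest check in constant time: only paths the server itself issued pass.
        byte[] expected = digestFor(path).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, digest.getBytes(StandardCharsets.UTF_8))) return null;
        // 2. Containment check: collapse ".." segments and require the result to
        //    stay under ROOT (an absolute path replaces ROOT and fails here too).
        Path candidate = ROOT.resolve(path).normalize();
        return candidate.startsWith(ROOT) ? candidate : null;
    }

    public static void main(String[] args) throws Exception {
        String good = "css/site.css";
        String bad = "../../../etc/passwd"; // decoded form of the path parameter above
        System.out.println(resolve(good, digestFor(good))); // issued path, matching digest
        System.out.println(resolve(bad, "an-md5-key"));     // traversal path, guessed digest
        System.out.println(resolve(bad, digestFor(bad)));   // traversal path, matching digest
    }
}
```

The third call shows why the containment check is kept alongside the digest: a path that escapes the root is refused even when its digest verifies.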
