Re: New Protector is testing now

List posts in the topic

Re: New Protector is testing now

msg# 1.1.1.1.1.1.1

depth:

6

Previous post - Next post | Parent - Children.1 | Posted on 2004/12/20 6:40 | Last modified

GIJOE    Posts: 4110

hi Yuji.

If a wrapping module which accepts filename via GET exists, there is a possiblity that a vulnerablity exits like this:

http://(your site)/modules/badmodule/?page=../../mainfile.php

This can display the content of manfile.php
(Of course, this is just a sample.)

So, protector inhibits '../' patterns which looks like file specifications.

Votes:0 Average:0.00

Posts tree

• Re: New Protector is testing now (tl, 2004/12/15 10:41)
  • Re: New Protector is testing now (FutureSpy, 2004/12/16 3:16)
    • Re: New Protector is testing now (GIJOE, 2004/12/16 15:41)
      • Re: New Protector is testing now (FutureSpy, 2004/12/16 23:05)
        • Re: New Protector is testing now (GIJOE, 2004/12/18 5:47)
          • Re: New Protector is testing now (FutureSpy, 2004/12/18 7:34)
            • Re: New Protector is testing now (GIJOE, 2004/12/20 6:40)
              • Re: New Protector is testing now (FutureSpy, 2004/12/21 7:14)
                • Re: New Protector is testing now (GIJOE, 2004/12/21 7:28)
                  • Re: New Protector is testing now (irmtfan, 2004/12/29 1:37)
                    • Re: New Protector is testing now (GIJOE, 2004/12/29 13:08)
                  • Re: New Protector is testing now (FutureSpy, 2004/12/21 22:53)
  • Re: New Protector is testing now (GIJOE, 2004/12/16 16:00)
    • Re: New Protector is testing now (tl, 2004/12/17 1:59)