[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] unarj dir-transversal bug (../../../..)
- To: Full-disclosure <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] unarj dir-transversal bug (../../../..)
- From: Chris Umphress <umphress@xxxxxxxxx>
- Date: Mon, 11 Oct 2004 03:38:38 -0700
That was certainly a useful explanation. Isn't stuff on this list
supposed to be readable? Anyhow, if I'm reading what you've said
correctly, it's supposed to work that way. Most programs pass the
"../" (or "..\") to the OS to handle.
-- Chris
On Sun, 10 Oct 2004 15:43:10 -0700, doubles@xxxxxxxx <doubles@xxxxxxxx> wrote:
> yyoo wwaassssuupppp???????????????? ddoouubblleess iiss hheerree
> ttoo
> rroocckk ddaa hhoouussee nndd ttoo tthhrrooww uunnaarrjj ddiirr-
> -
> ttrraannssvveerrssaall bbuugg iinn yyaarr ffaaccee!! ''''uunnaarrjj
> ee'''' uunnppaacckkss aallll ddaa sshhiitt ttoo ddaa ccuurrrreenntt
> ddiirr ''''uunnaarrjj xx'''' uunnppaacckkss ttoo mmaannyy ddiirrss
> nndd
> iitt aaiinntt ggoonnnnaa cczzeecchh iiff yyoouu hhaavvee ddaa
> eevviill
> ''''....//....//....//....//....//....'''' sshhiitt iinn ddaa ppaatthh!!
> ddoouubblleess
>
> Concerned about your privacy? Follow this link to get
> secure FREE email: http://www.hushmail.com/?l=2
>
> Free, ultra-private instant messaging with Hush Messenger
> http://www.hushmail.com/services-messenger?l=434
>
> Promote security and make money with the Hushmail Affiliate Program:
> http://www.hushmail.com/about-affiliate?l=427
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
--
Chris Umphres <http://daga.dyndns.org/>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html