Re: [Full-Disclosure] unarj dir-transversal bug (../../../..)

From: Chris Umphress (umphress_at_gmail.com)
Date: 10/11/04

  • Next message: doubles_at_hush.com: "Re: [Full-Disclosure] unarj dir-transversal bug (../../../..)"
    To: Full-disclosure <full-disclosure@lists.netsys.com>
    Date: Mon, 11 Oct 2004 03:38:38 -0700
    
    

    That was certainly a useful explanation. Isn't stuff on this list
    supposed to be readable? Anyhow, if I'm reading what you've said
    correctly, it's supposed to work that way. Most programs pass the
    "../" (or "..\") to the OS to handle.

    -- Chris

    On Sun, 10 Oct 2004 15:43:10 -0700, doubles@hush.com <doubles@hush.com> wrote:
    > yyoo wwaassssuupppp???????????????? ddoouubblleess iiss hheerree
    > ttoo
    > rroocckk ddaa hhoouussee nndd ttoo tthhrrooww uunnaarrjj ddiirr-
    > -
    > ttrraannssvveerrssaall bbuugg iinn yyaarr ffaaccee!! ''''uunnaarrjj
    > ee'''' uunnppaacckkss aallll ddaa sshhiitt ttoo ddaa ccuurrrreenntt
    > ddiirr ''''uunnaarrjj xx'''' uunnppaacckkss ttoo mmaannyy ddiirrss
    > nndd
    > iitt aaiinntt ggoonnnnaa cczzeecchh iiff yyoouu hhaavvee ddaa
    > eevviill
    > ''''....//....//....//....//....//....'''' sshhiitt iinn ddaa ppaatthh!!
    > ddoouubblleess
    >
    > Concerned about your privacy? Follow this link to get
    > secure FREE email: http://www.hushmail.com/?l=2
    >
    > Free, ultra-private instant messaging with Hush Messenger
    > http://www.hushmail.com/services-messenger?l=434
    >
    > Promote security and make money with the Hushmail Affiliate Program:
    > http://www.hushmail.com/about-affiliate?l=427
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >

    -- 
    Chris Umphres <http://daga.dyndns.org/>
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    

  • Next message: doubles_at_hush.com: "Re: [Full-Disclosure] unarj dir-transversal bug (../../../..)"