[HECnet] Security hole in CSWS

Sampsa Laine sampsa at mac.com
Tue Sep 22 19:26:00 PDT 2009


Dennis,

I've got the rule down to:
	
	RewriteRule (;[0-9]*\?)|(;[0-9]*$) /

but this is not ideal, as I don't really want to replace the ; with a /, just drop it, but I can't figure out the syntax for "replace with nothing".

Any ideas?

Sampsa

On 21 Sep 2009, at 22:12, Dennis Boone wrote:

Yes, I have reported it to VMS engineering in India about an hour ago
(well I assume in India, the guys had subcontinent accents) and they
said they'd get back to me.

In the meantime, if CSWS has mod_rewrite, you might be able to produce a
temporary fix in the form of a rewrite rule that rips the ;* off the end[1]
of .php URLs.

[1] Well, ok, might be the middle too, if it's a GET with parameters,
but that's just a slightly more involved pattern.

De
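
One way to get "replace with nothing" in mod_rewrite, as an added example that is not part of the original thread: the substitution replaces the whole matched URL path, so capture the part before the semicolon and substitute the backreference. It assumes CSWS ships mod_rewrite with standard Apache syntax and that the rule sits in the server or virtual-host configuration.

```apache
# Added example, not from the original messages.
# Assumption: mod_rewrite is available and loaded in this CSWS build.
RewriteEngine On

# RewriteRule matches the URL path only; the query string is not part of
# the match and is carried over unchanged, so no "\?" alternative is needed.
#
# $1 is everything up to and including ".php"; the ";<digits>" suffix is
# matched but left out of the substitution, which drops it.
# [PT] hands the rewritten path back to normal URL-to-file mapping.
RewriteRule ^(.*\.php);[0-9]*$ $1 [NC,PT]

# Alternative (use instead of the rule above, not together with it):
# refuse such requests outright with 403 rather than rewriting them.
# RewriteRule \.php;[0-9]*$ - [NC,F]
```

After reloading the configuration, check that a request for a .php URL with a version suffix returns the same executed output as the URL without the suffix.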


