[HECnet] Security hole in CSWS
Sampsa Laine
sampsa at mac.com
Mon Sep 21 22:15:37 PDT 2009
Cool, thanks for that, I'll put it into my advisory if I issue one, with credit to you of course :)
Sampsa
On 21 Sep 2009, at 22:12, Dennis Boone wrote:
Yes, I have reported it to VMS engineering in India about an hour ago
(well I assume in India, the guys had subcontinent accents) and they
said they'd get back to me.
In the meantime, if CSWS has mod_rewrite, you might be able to produce a
temporary fix in the form of a rewrite rule that rips the ;* off the end[1]
of .php urls.
[1] Well, ok, might be the middle too, if it's a GET with parameters,
but that's just a slightly more involved pattern.
De
More information about the Hecnet-list
mailing list