Re: Possible exploit?

By sanitize I mean just check that you don't directly put the data coming from cmd or command into exec() or functions that might compromise the security of your system. By URL I mean, for example:
yoursite.com/sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&shopid=http://www.google.com/humans.txt?
would show you what he got.



On Thu, Feb 13, 2014 at 2:08 AM, Knute Johnson <apache@xxxxxxxxxxxxxxxx> wrote:
On 2/12/2014 08:43, rahul bhola wrote:
Because of HTTP Response 302, a safe bet would be to say he didn't get
anything; still, I would recommend you sanitize the data you get from
parameter command and cmd.
Also, simply go to the URL to see what he saw.

To what URL?  What do you mean sanitize?


Thanks,

--

Knute Johnson


--
Rahul Bhola
B.E.
computers
Core Member
Department of backstage
Bits Pilani KK Birla Goa Campus
