OT, but related -- WAS: [Mailwatch-users] Active Probes heads up

Kai Schaetzl maillists at conactive.com
Sat Feb 28 13:31:17 GMT 2009


Dnsadmin 1bigthink.com wrote on Fri, 27 Feb 2009 12:31:52 -0500:

> doc=../../../../../../../etc/passwd%00

This will give access to the user names, but not to passwords (hashes, 
anyway) if /etc/shadow is correctly set up.
Nevertheless, thanks for the info, will fix that for ours. (Just removing 
that doc var should do.)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com





More information about the MailScanner mailing list