OT,
but related -- WAS: [Mailwatch-users] Active Probes heads up
Kai Schaetzl
maillists at conactive.com
Sat Feb 28 13:31:17 GMT 2009
Dnsadmin 1bigthink.com wrote on Fri, 27 Feb 2009 12:31:52 -0500:
> doc=../../../../../../../etc/passwd%00
This will give access to the user names, but not to passwords (hashes,
anyway) if /etc/shadow is correctly set up.
Nevertheless, thanks for the info, will fix that for ours. (Just removing
that doc var should do.)
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
More information about the MailScanner
mailing list