OT, but related -- WAS: [Mailwatch-users] Active Probes heads up

Kai Schaetzl maillists at conactive.com
Sat Feb 28 13:31:17 GMT 2009

Dnsadmin 1bigthink.com wrote on Fri, 27 Feb 2009 12:31:52 -0500:

> doc=../../../../../../../etc/passwd%00

This will give access to the user names, but not to passwords (hashes, 
anyway) if /etc/shadow is correctly set up.
Nevertheless, thanks for the info, will fix that for ours. (Just removing 
that doc var should do.)


Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

More information about the MailScanner mailing list