
Re: HACKED [mv] eWeek using Minivend in our openhack project



******    message to minivend-users from Alexander Lazic <all@gmx.at>     ******

Hi,

> I haven't seen any other messages concerning this issue. I did the
> test, and I also tried it on several other pages, but it didn't work, just
> in view_page, so my guess is that this security problem affects view_page
> only...
> Does anyone else have any other info concerning this?

So I think, but there are some other parameters which can hold filenames,
such as sp, np, ... .

> > --cut here---
> > return undef if ! open(READIN, $file);
> > --cut here---

I prefer, when I open a file, to always use some redirector such as "<" or ">";
thus it is not so easy for a hacker to add another redirector.

It's imho some security addon ;-)

al ;-)

-- 
Sent through GMX FreeMail - http://www.gmx.net

-
To unsubscribe from the list, DO NOT REPLY to this message.  Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list
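
The difference discussed in the reply above, as an added example that is not part of the original message or of Minivend's code: the bare two-argument open from the quoted line, the explicit "<" prefix, and three-argument open, each given the same filename value. The sub names, the temporary file and the sample value are constructed for illustration, and a Unix-like filesystem is assumed.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Form from the quoted line: the mode is parsed out of $file itself.
sub open_bare {
    my ($file) = @_;
    open(READIN, $file) or return 0;
    close(READIN);
    return 1;
}

# The habit described in the reply: an explicit "<" in front of the name,
# still using two-argument open.
sub open_prefixed {
    my ($file) = @_;
    open(READIN, "< $file") or return 0;
    close(READIN);
    return 1;
}

# Three-argument open (Perl 5.6 and later): mode and filename are separate
# arguments, so the filename is never parsed for mode characters.
sub open_three_arg {
    my ($file) = @_;
    open(my $fh, '<', $file) or return 0;
    close($fh);
    return 1;
}

my $dir  = tempdir(CLEANUP => 1);
my $page = "$dir/page.html";

# Constructed input: a ">" placed in front of the path of an existing file.
my $supplied = ">$page";

for my $case (['bare two-arg', \&open_bare],
              ['"<" prefixed', \&open_prefixed],
              ['three-arg',    \&open_three_arg]) {
    my ($name, $opener) = @$case;
    # Recreate the sample file before each attempt.
    open(my $out, '>', $page) or die "cannot create $page: $!";
    print {$out} "sample page\n";
    close($out);

    my $opened = $opener->($supplied);
    printf "%-13s open %s, file is now %d bytes\n",
        $name, ($opened ? 'succeeded' : 'failed'), (-s $page) || 0;
}
```

Only the bare form acts on the ">" in the value and truncates the sample file; the other two look for a file whose name literally begins with ">" and fail to open it.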

