On Tue, Sep 21, 1999 at 03:51:09PM -0700, Mark Jeftovic wrote:
> At 01:24 PM 9/20/99 +0100, Chris Ridd wrote:
> >Does anyone maintain a list of WWWBoard bugs? (As Matt Wright clearly
> >isn't interested...)
> >
>
> Doesn't look like it. I posted a vulnerability in his guestbook script
> to this list about 2 years ago (ironically entitled "Guestbook script
> is still vulnerable") and looking at it today ...the guestbook script
> is still vulnerable.
Matt Wright is one of the worst, but check out
http://www.ultimatebb.com/home/firsttimeinstall.html for a few
good laughs:
"UNIX and All Others: If you are installing on a UNIX-based server, you
must set your permissions as follows:
Set your NON CGI directory to 777.
Set your Members Directory to 777.
Within the Members directory, set the Admin5.cgi to 777, as well.
Set your CGI Directory to 755. Within the CGI directory, set all files to 755,
except for the variable files (mods.file, Styles.file, UltBB.setup
and forums.cgi), which should be set to mode 777.
If your web server does not allow you to have files set to mode 777 within
the CGI directory, you will need to make the changes noted here. Most web
servers do not have this restriction. "
Not even a note that this could be bad.
Patrick
--
Patrick Oonk - PO1-6BONE - [EMAIL PROTECTED] - www.pine.nl/~patrick
Pine Internet B.V. PGP key ID BE7497F1
Tel: +31-70-3111010 - Fax: +31-70-3111011 - http://www.pine.nl/
-- Pine Security Digest - http://security.pine.nl/ (Dutch) ----
Excuse of the day: Digital Manipulator exceeding velocity
parameters
PGP signature
