Micheal Espinola Jr wrote:
To reiterate - this is a quick fix. It will prevent any files with extensions other than .css, .gif, .jpg, and .png from being accessed. It does *not* stop traversals, but the threat is minimized for now. This needs to be replaced in (2) places in assp.pl. The first location is what assp.pl uses for the primary web page, the second is used for the Editor pop-up window for editing list files. In that location, you will have to add "txt" to the list of files, or you won't be able to edit them via the web interface. But if you do - you open yourself to that file-type being opened possibly from within other locations. I am looking into a better solution with the help of *Geniusfreak* off-line.
_______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
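
The gap the message describes (an extension allow-list that still lets a traversal through) next to a check that also confines the resolved path to one directory, as an added Perl example that is not part of the original post and not code from assp.pl. The helper names, the temporary directory layout and the POSIX path separator are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helpers for illustration; not taken from assp.pl.
my %ALLOWED = map { $_ => 1 } qw(css gif jpg png);

# The quick fix: accept a request only if its extension is on the list.
sub ext_allowed {
    my ($req) = @_;
    return ( $req =~ /\.([A-Za-z0-9]+)\z/ && $ALLOWED{ lc $1 } ) ? 1 : 0;
}

# Stricter check: extension allow-list AND the resolved path must stay
# under the document root. Returns the resolved path, or undef if rejected.
sub resolve_under_root {
    my ( $root, $req ) = @_;
    return undef unless ext_allowed($req);
    return undef if $req =~ /\0/;                 # no embedded NUL bytes
    my $base = realpath($root);
    return undef unless defined $base;
    # realpath collapses "..", "." and symlinks before the comparison.
    my $full = realpath( File::Spec->catfile( $base, $req ) );
    return undef unless defined $full && -f $full;
    return index( $full, "$base/" ) == 0 ? $full : undef;
}

# Constructed sample layout: <tmp>/images is the web root, <tmp>/private is not.
my $tmp = tempdir( CLEANUP => 1 );
for my $dir (qw(images private)) {
    mkdir "$tmp/$dir" or die "mkdir $dir: $!";
}
for my $file ( "images/logo.png", "private/banner.png" ) {
    open my $fh, '>', "$tmp/$file" or die "open $file: $!";
    print {$fh} "x";
    close $fh;
}

# Constructed requests: a normal one, a traversal with an allowed
# extension, and a file type the allow-list already rejects.
for my $req ( "logo.png", "../private/banner.png", "assp.cfg" ) {
    my $confined = defined( resolve_under_root( "$tmp/images", $req ) ) ? "yes" : "no";
    printf "%-24s ext_allowed=%d confined=%s\n", $req, ext_allowed($req), $confined;
}
```

The second request passes the extension test but is rejected once the path is resolved, which is why adding "txt" to the list widens what can be read from other locations unless the directory is also pinned.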
