On 8/18/06, Fritz Borgstedt <[EMAIL PROTECTED]> wrote: > > >It is now corrected in (11). > > The following rules apply now: > > - '..' unallowed everywhere > > - Edit of files in ASSP directory OR upper directories allowed only > for > '.txt' and '.db' files. This to block accessing to other info at the > assp > directory, like assp.pl or even the config etc > > - Get of ANY file at any upper directory like images or pb, but NOT at > the > assp directory >
v1.2.5(11) http://127.0.0.1:55555/get?file=assp.pl I still see the assp.pl file and any other file in the base directory. Kevin ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
