On 18/09/15 01:30, Johnny Chin wrote:
> Thank you for that flag. I was unaware of that.
> Can that flag be set as default in the wgetrc?
> I have users that used the old wget to get files from our servers that
> need it.
Yes, you can set |trust-server-names| in |~/.wgetrc| *but* you are
reintroducing CVE-2010-2252.
It would be much better if they explicitly provided the flag (only when
needed) or a filename:
wget http://downloads.malwarebytes.org/file/mbam/ -O latest-mbam-setup.exe
Also note, they can rename index.html to mbam-setup.exe
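
An added example, not part of the original messages: a shell audit that reports whether a wgetrc file turns on trust_server_names, the setting the reply says reintroduces CVE-2010-2252. It assumes wgetrc option names ignore case, dashes and underscores and that on/1/yes are the true values; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether a wgetrc enables trust_server_names.
# Assumption: wgetrc names ignore case, "-" and "_"; on/1/yes mean true.

# Print "on", "off" or "unset" for the wgetrc file in $1 (last setting wins).
# Any value other than on/1/yes is reported as "off".
wgetrc_trust_server_names() {
    [ -r "$1" ] || { echo unset; return 0; }
    awk '
        /^[ \t]*#/ { next }                      # whole-line comments
        /=/ {
            key = $0; sub(/=.*/, "", key)        # text before the first "="
            val = $0; sub(/^[^=]*=/, "", val)    # text after the first "="
            key = tolower(key); gsub(/[-_ \t]/, "", key)
            val = tolower(val); gsub(/[ \t\r]/, "", val)
            if (key == "trustservernames")
                state = (val == "on" || val == "1" || val == "yes") ? "on" : "off"
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# Check every file given; return 1 if any of them enables the option.
audit_wgetrc() {
    rc=0
    for f in "$@"; do
        state=$(wgetrc_trust_server_names "$f")
        printf '%s: trust_server_names %s\n' "$f" "$state"
        if [ "$state" = on ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed sample wgetrc, not taken from any real system.
sample=$(mktemp)
printf '%s\n' '# site defaults' 'tries = 3' 'Trust-Server-Names = On' > "$sample"
audit_wgetrc "$sample" || echo "enabled: redirects decide the local file name"
rm -f "$sample"
```

To audit a host, pass the system wgetrc and each user's ~/.wgetrc as arguments to audit_wgetrc.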