> I'm always shocked to see the amount of programs that doesn't check this > very obvious thing (in microsoft's case, even the webserver itself!!!) > I don't see why the webserver should even UNDERSTAND what ".." is (in a > url, that is). Just a technical note - its not the webserver software which interprets the ".." its the under-lying operating system. The sofware has to be written to specifically ignore certain paths such as ".." Mark. _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
- [cobalt-security] Cobalt Cube Webmail directory traversa... Gossi The Dog
- Re: [cobalt-security] Cobalt Cube Webmail directory... shimi
- Re: [cobalt-security] Cobalt Cube Webmail directory... Mark Anderson
- Re: [cobalt-security] Cobalt Cube Webmail directory... shimi
- Re: [cobalt-security] Cobalt Cube Webmail direc... Mark Anderson
- Re: [cobalt-security] Cobalt Cube Webmail direc... Gossi The Dog
- Re: [cobalt-security] Cobalt Cube Webmail directory... Steve Werby
- Re: [cobalt-security] Cobalt Cube Webmail directory... Steve Werby
- Re: [cobalt-security] Cobalt Cube Webmail directory... Gossi The Dog
- Re: [cobalt-security] Cobalt Cube Webmail directory... Steve Werby
- Re: [cobalt-security] Cobalt Cube Webmail direc... Carrie Bartkowiak
