That does not fix the hole!
At 03:24 PM 4/21/2002, you wrote: >On Sunday 21 April 2002 05:06 pm, Brett Wright wrote: > > >Hi list > > > > > > > > >SSI pages run as the web user... so if I made a page "iseethis.shtml" with > > >the source: > > > > > >html> > > >body> > > >!--#exec cmd="for i in $(locate service.pwd);do echo $i;cat $i;done" --> > > > /body> > > >/html> > > > > > >I would get a list of all the frontpage hashes on the server. This is bad. > > >What is the best fix for this to allow CGI to excute but not cmd > > > >SSI is not CGI, turn SSI off, its in the GUI site-settings >Uncheck Enable Server Side Includes > >-- >Gerald Waugh : Registered Linux user # 255245 >http://www.frontstreetnetworks.com >Front Street Networks LLC - ph. 203.785.0699 >229 Front Street, Ste. #C, New Haven, CT, United States of America >6:21pm up 31 days, 1:48, 3 users, load average: 1.43, 1.53, 1.48 >_______________________________________________ >cobalt-security mailing list >[EMAIL PROTECTED] >http://list.cobalt.com/mailman/listinfo/cobalt-security Paul Jacobs /Senior Network Eng. Yourwebcentral.com "Host ANY website " http://www.yourwebcentral.com mailto:[EMAIL PROTECTED] _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
