On Sat, Feb 05, 2005 at 02:41:35AM +0200, Lars Wirzenius wrote: > I've looked again at Debian bug #284875 and I can't see how to reproduce > the fourth part, either: > > > (4) Just about any stupid hack will work with wget. %00 bytes (see the > > POC) and other %-escaped control characters handling, symlink attacks: > > > > $ cd /tmp > > $ ln -s index.html /path/to/foo > > $ wget -x http://localhost/ > > -> /path/to/foo > > In my tests wget does sanitize the input, so these attacks would seem to > be fruitless. Could you explain in further detail how to reproduce this?
Which version? What command exactly? -- )^o-o^| jabber: [EMAIL PROTECTED] | .v K e-mail: jjminar FastMail FM ` - .' phone: +44(0)7981 738 696 \ __/Jan icq: 345 355 493 __|o|__Minář irc: [EMAIL PROTECTED]
pgp0OMDlow8Qz.pgp
Description: PGP signature
