http://d.puremagic.com/issues/show_bug.cgi?id=11365
--- Comment #2 from Vladimir Panteleev <[email protected]> 2013-10-27 01:06:08 EEST ---

One thing I forgot to mention regarding name auto-correction. Perhaps the most famous security problem caused by such a mis-feature is the "MultiViews" feature in the Apache web server. When enabled, a request for foo.php could execute foo.php.txt if foo.php was not found. This allowed bypassing upload script validation checks. Search the web for "MultiViews vulnerability" for more details.
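As an added illustration (not part of the original comment, and not Apache's own code), this Python sketch audits a directory listing for the situation the comment describes: a file that would be served under an executable name because the requested name is missing. The extension set, the function names and the sample listing are assumptions constructed for the example.

```python
import os

# Assumption: extensions the server would hand to an interpreter.
EXECUTABLE_EXTS = {".php", ".phtml", ".cgi", ".pl"}


def negotiable_aliases(filenames):
    """Map each missing executable name to the files auto-correction could serve.

    Models the behaviour described in the comment: if the requested name does
    not exist, a file named <requested name>.<anything> is used in its place.
    """
    present = set(filenames)
    findings = {}
    for name in sorted(present):
        parts = name.split(".")
        # Every proper dotted prefix of the file name is a candidate request.
        for i in range(2, len(parts)):
            alias = ".".join(parts[:i])
            ext = "." + parts[i - 1].lower()
            if ext in EXECUTABLE_EXTS and alias not in present:
                findings.setdefault(alias, []).append(name)
    return findings


def safe_upload_name(name):
    """Upload check that inspects every dotted segment, not only the last one."""
    base = os.path.basename(name)
    segments = base.lower().split(".")[1:]
    # Reject names without an extension and names with any executable segment.
    return bool(segments) and not any("." + s in EXECUTABLE_EXTS for s in segments)


# Constructed sample listing of an upload directory.
SAMPLE_LISTING = ["index.php", "foo.php.txt", "bar.php", "bar.php.bak",
                  "a.tar.gz", "x.PHP.jpg", "notes.txt"]

if __name__ == "__main__":
    for alias, files in negotiable_aliases(SAMPLE_LISTING).items():
        print(f"request for {alias!r} could be answered by {files}")
```

A validator that only compares the final extension accepts `foo.php.txt`; `safe_upload_name` rejects it because it checks every segment.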
