Hi, I'm sorry for mailing you again, but I'm not able to locate the BugTraq message.
Also, when I make an http request like this, http://xxx.yyy.zzz/cgi-bin/htsearch?-c/var/search_engine/htdig/search-mysite /conf/, it does not seem to be reading from my configuration file (/var/search_engine/htdig/search-mysite/conf/htdig.conf), as it gives me an error saying "Unable to read word database file '/var/search_engine/htdig/search-mysite/db/db.words.db' Did you run htmerge?". My database directory is set in the configuration file to be '/var/search_engine/htdig/search-mysite/db_dir/' where all the database files reside. When I run the htsearch as an http request without the -c option, it takes the correct configuration file and does everything perfectly. Am I testing the security problem on my site in the wrong way?

Thanks,
Sandeep

----- Original Message -----
From: "Geoff Hutchison" <[EMAIL PROTECTED]>
To: "Sandeep Hulsandra" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, October 25, 2001 11:18 PM
Subject: Re: [htdig] Question on the security issue for htdig3.1.5

> At 5:42 PM -0400 10/25/01, Sandeep Hulsandra wrote:
> >Just wanted to know how it is possible to use a command line
> >argument from an http request?
>
> The message on SourceForge points you to the BugTraq message, which
> gives the example of:
>
> http://www.foo.com/cgi-bin/htsearch?-c/path/to/foo
>
> --
> --
> -Geoff Hutchison
> Williams Students Online
> http://wso.williams.edu/
>

_______________________________________________
htdig-general mailing list <[EMAIL PROTECTED]>
To unsubscribe, send a message to <[EMAIL PROTECTED]> with a subject of unsubscribe
FAQ: http://htdig.sourceforge.net/FAQ.html
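The question in this thread, how a command-line argument can arrive through an HTTP request, comes down to the CGI "indexed query" rule (RFC 3875, section 4.4): a query string containing no unencoded `=` is split on `+`, decoded, and passed to the script as its argument list. The following is an added example, not part of the thread or of ht://Dig's code; it models that rule and flags matching htsearch requests in an access log. The log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not taken from the thread).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Oct/2001:17:42:00 -0400] "GET /cgi-bin/htsearch?words=linux&config=htdig HTTP/1.0" 200 5120',
    '192.0.2.11 - - [25/Oct/2001:17:43:10 -0400] "GET /cgi-bin/htsearch?-c/path/to/foo HTTP/1.0" 200 312',
    '192.0.2.12 - - [25/Oct/2001:17:44:30 -0400] "GET /cgi-bin/htsearch?linux+kernel HTTP/1.0" 200 2048',
    '192.0.2.13 - - [25/Oct/2001:17:45:05 -0400] "GET /cgi-bin/htsearch?%2Dc/path/to/foo HTTP/1.0" 200 312',
]

REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')


def cgi_argv(query_string):
    """Model the CGI indexed-query rule: if the raw query string has no
    unencoded '=', split it on '+' and URL-decode each word; those words
    become the script's command-line arguments. Otherwise argv is empty."""
    if not query_string or "=" in query_string:
        return []
    return [unquote(word) for word in query_string.split("+")]


def flag_option_injection(log_lines, script="/cgi-bin/htsearch"):
    """Return (client, option_args) for each request to `script` whose
    query string would reach the program as an argument starting with '-'."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path, _, query = match.group(1).partition("?")
        if path != script:
            continue
        # Decode before testing so percent-encoded dashes are also caught.
        options = [arg for arg in cgi_argv(query) if arg.startswith("-")]
        if options:
            hits.append((line.split()[0], options))
    return hits


if __name__ == "__main__":
    for client, options in flag_option_injection(SAMPLE_LOG):
        print(client, options)
```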

