AJ wrote:
How can we test that the patch is working? Is there a way to cause the log
message to be written to the mischief log? Just want to make sure the patch is
working, any help would be great.
Principally, add /../ in your browser's url box after authenticate yourself for the private archive page:
http://your.host/mailman/private/yourlist/../
But my browser is clever enough to strip this to http://your.host/mailman/private/ :-<
Note that this is not an exploit. You will find other malicious attempts in logs/error.
-- Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp http://weather.is.kochi-u.ac.jp/
------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
