From a hostile standpoint, a sendmail server allowing VRFY is considered bad,
let alone giving the hacker detailed uid/gid structure of your system.
Jason
----- Original Message -----
From: "Ignacio Vazquez-Abrams" <[EMAIL PROTECTED]>
To: "Toby Butzon" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, January 19, 2001 9:02 AM
Subject: Re: [PHP-DEV] PHP 4.0 Bug #8795: Recieved POST-form-data is unexpectedly escaped with backslashes
> On Thu, 18 Jan 2001, Toby Butzon wrote:
>
> > As a side note, check this link out ;)
> > http://[removed]?file=/etc/passwd
> >
> > --Toby
> >
>
> Oh come on. Exposing this file even with shadow passwords in place is still a
> HUGE risk, because now your userids are exposed and your system is vulnerable
> to a brute-force attack. Never, EVER, do something as silly as this,
> especially in a public forum.
>
> --
> Ignacio Vazquez-Abrams <[EMAIL PROTECTED]>
>
>
> --
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>