I may have forgotten to post my apology to the list.
Someone already pointed out to me that sending this to the list was stupid,
and I sincerely apologize. There's no excuse for what I did and I
understand; I'll be more careful.
Regards,
--Toby
----- Original Message -----
From: "Jason Greene" <[EMAIL PROTECTED]>
To: "Ignacio Vazquez-Abrams" <[EMAIL PROTECTED]>; "Toby Butzon"
<[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, January 19, 2001 12:27 PM
Subject: Re: [PHP-DEV] PHP 4.0 Bug #8795: Recieved POST-form-data is
unexpectedly escaped with backslashes
> From a hostile standpoint, a sendmail server allowing VRFY is considered bad,
> let alone giving the hacker detailed uid/gid structure of your system.
>
> Jason
> ----- Original Message -----
> From: "Ignacio Vazquez-Abrams" <[EMAIL PROTECTED]>
> To: "Toby Butzon" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Friday, January 19, 2001 9:02 AM
> Subject: Re: [PHP-DEV] PHP 4.0 Bug #8795: Recieved POST-form-data is
> unexpectedly escaped with backslashes
>
>
> > On Thu, 18 Jan 2001, Toby Butzon wrote:
> >
> > > As a side note, check this link out ;)
> > > http://[removed]?file=/etc/passwd
> > >
> > > --Toby
> > >
> >
> > Oh come on. Exposing this file even with shadow passwords in place is still a
> > HUGE risk, because now your userids are exposed and your system is vulnerable
> > to a brute-force attack. Never, EVER, do something as silly as this,
> > especially in a public forum.
> >
> > --
> > Ignacio Vazquez-Abrams <[EMAIL PROTECTED]>
> >
> >
> > --
> > PHP Development Mailing List <http://www.php.net/>
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
>
>