Maybe thats old:
>From [EMAIL PROTECTED]
_____
I have just tried version 1.3.1, and it properly returns 401 code when
trying to access '..' paths.
Looks like you have been testing some older version.
_____
>
> hehe, did you see bugtraq this morning? This is an excerpt from Hackerslab
> ([EMAIL PROTECTED])
> ______
> If use 'ntop' in web mode, it's web root is "/etc/ntop/html".
>
> It's web mode is not check URL path.
>
> So if URL is "http://URL:port/../../shadow", remote user will
> read all file.
> ______
>
> Cheers,
> Marty
>
>
>
> --
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://slug.org.au/lists/listinfo/slug
>
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
