Date: Sun, 1 Oct 2000 05:30:35 +0400 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Igor Roshchin <str@giganda.komkon.org> Cc: security@freebsd.org Subject: Re: A new problem in apache ? Message-ID: <20001001053035.A26403@nagual.pp.ru> In-Reply-To: <200010010102.VAA41966@giganda.komkon.org>; from str@giganda.komkon.org on Sat, Sep 30, 2000 at 09:02:15PM -0400 References: <200010010102.VAA41966@giganda.komkon.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Sep 30, 2000 at 09:02:15PM -0400, Igor Roshchin wrote: > > > Here are some example RewriteRule directives. The first is vulnerable, but the others are not > > > > > > RewriteRule /test/(.*) /usr/local/data/test-stuff/$1 Looks like famous ../../../ trick can be used. > > > RewriteRule /more-icons/(.*) /icons/$1 > > > RewriteRule /go/(.*) http://www.apacheweek.com/$1 -- Andrey A. Chernov <ache@nagual.pp.ru> http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001001053035.A26403>