Re: [Gnump3d-users] Security: HUGE security hole


From: Steve Kemp
Subject: Re: [Gnump3d-users] Security: HUGE security hole
Date: Tue, 20 Jul 2004 21:06:15 +0100
User-agent: Mutt/1.3.28i

On Tue, Jul 20, 2004 at 04:11:28PM -0400, Boris Kurktchiev wrote:
> Ok didn't expect this but I just finished running a nessus scan on my machine 
> and it came back with one of the most infamous holes ever in gnump3d if you 
> do: http://localhost:8888../../../../../../etc/passwd it displays the 
> file.... that's BAD. The report also said that the server is vulnerable to jsp 
> script execution like this:
> http://localhost:8888/<SCRIPT>alert('Vulnerable')</SCRIPT>.jsp
> but I couldn't get this to work. PLEASE fix the first hole though.

  The latest version of the code is not vulnerable to this attack.

  The javascript / XSS attack is irrelevant as cookies are not used
 for any authentication.

Steve
--

-- 
Steve
---
Edinburgh System Administrator : Linux, UNIX, Windows
Looking for an interesting job : http://www.steve.org.uk/
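
Added example, not part of the original message and not gnump3d's own code: one way a file-serving HTTP daemon can refuse the `../` request reported above, by canonicalising the requested path and confirming it still lies under the served root. The function name `resolve_request_path`, the `music` root and the sample requests are assumptions constructed for illustration; the no-leading-slash case mirrors the URL as written in the report.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_request_path(doc_root, request_target):
    """Map a request target to a file under doc_root, or return None.

    None means the resolved path falls outside doc_root and must not be served.
    """
    # Drop any query string, then percent-decode once so %2e%2e is seen as "..".
    raw_path = unquote(request_target.split("?", 1)[0])
    if "\x00" in raw_path:
        return None
    # Treat the target as relative to the root whether or not it starts with "/".
    relative = raw_path.lstrip("/")
    root = os.path.realpath(doc_root)
    # realpath collapses ".." segments and follows symlinks before the check.
    candidate = os.path.realpath(os.path.join(root, relative))
    # commonpath compares whole components, so /srv/music-old never matches /srv/music.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo():
    # Constructed layout: a temporary served root holding a single track.
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "music")
        os.makedirs(os.path.join(root, "album"))
        track = os.path.join(root, "album", "track.mp3")
        open(track, "wb").close()
        results = {
            "normal": resolve_request_path(root, "/album/track.mp3"),
            "no_slash": resolve_request_path(root, "../../../../../../etc/passwd"),
            "slash": resolve_request_path(root, "/../../../etc/passwd"),
            "encoded": resolve_request_path(root, "/%2e%2e/%2e%2e/etc/passwd"),
            "inner_dotdot": resolve_request_path(root, "/album/../album/track.mp3"),
        }
        return results, os.path.realpath(track)


if __name__ == "__main__":
    outcome, _ = demo()
    for name, path in outcome.items():
        print(f"{name:13s} -> {'served' if path else 'rejected'}")
```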