W3C home > Mailing lists > Public > www-validator@w3.org > July 2000

Hi.. Big Security Problem

From: Guzmán Brasó <beep@thc.techfreak.to>
Date: Sat, 29 Jul 2000 18:52:30 -0400 (EDT)
Message-ID: <39835F9F.B7FF0866@thc.techfreak.to>
To: www-validator@w3.org

Few minutes ago i post a message talkin about the vulneability
of the service which was made public today on Bugtraq List.
I post it to Bugtraq-es (Spanish Version), with some workaround
more than in bugtraq but waas in spanish (if some of u know spanish
feel free to search the bugtraq-es arvhices through

In my mail i post it an easy patch which check before read the
url to check the uri type. In this case, only allow 'http'.

exit if (substr($url,0,4) ne "http");

just that.


P.d: I'm not subscribed to the list, if u need to contact me
please do it by my e-mail.
Interrumpi mi enseñanza a los 6 años para ir a la escuela!
TCN - Montevideo, Uruguay.
Key id:0x2A15E289
Received on Monday, 31 July 2000 04:31:59 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 November 2015 11:01:11 UTC