
Hi.. Big Security Problem

From: Guzmán Brasó <beep@thc.techfreak.to>
Date: Sat, 29 Jul 2000 18:52:30 -0400 (EDT)
Message-ID: <39835F9F.B7FF0866@thc.techfreak.to>
To: www-validator@w3.org


A few minutes ago I posted a message talking about the vulnerability
of the service which was made public today on the Bugtraq list.
I posted it to Bugtraq-es (Spanish version), with some more workarounds
than on Bugtraq, but it was in Spanish (if some of u know Spanish,
feel free to search the bugtraq-es archives through
www.securityfocus.com).

In my mail I posted an easy patch which checks the URI type before
reading the URL. In this case, it only allows 'http'.

exit if (substr($url,0,4) ne "http");


just that.

greets

enan0.
P.S.: I'm not subscribed to the list; if u need to contact me,
please do it by my e-mail.
-- 
I interrupted my education at age 6 to go to school!
TCN - Montevideo, Uruguay.
Key id:0x2A15E289
Received on Monday, 31 July 2000 04:31:59 GMT
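
An added example, not part of the original message or of the validator's own code: the one-line prefix test from the message next to a stricter check that parses the URI scheme and matches it exactly against an allowlist. The sub names, the allowlist hash and the sample URLs are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: exact URI scheme allowlist compared with a 4-character prefix test.
use strict;
use warnings;

# Schemes the fetcher may follow (assumption: http only, as in the message).
my %ALLOWED = map { $_ => 1 } qw(http);

# The test from the message, wrapped in a sub so the two can be compared.
sub prefix_ok {
    my ($url) = @_;
    return substr($url, 0, 4) eq "http" ? 1 : 0;
}

# Parse the scheme with the RFC 3986 grammar
#   ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":"
# require an exact, case-insensitive allowlist match, then "//" and a
# non-empty authority. Anything else is rejected (fail closed).
sub scheme_ok {
    my ($url) = @_;
    return 0 unless defined $url;
    $url =~ s/^\s+|\s+$//g;                   # trim surrounding whitespace
    return 0 if $url =~ /[\x00-\x20\x7f]/;    # no control characters or spaces inside
    return 0 unless $url =~ m{^([A-Za-z][A-Za-z0-9+.\-]*):(.*)$}s;
    my ($scheme, $rest) = (lc $1, $2);
    return 0 unless $ALLOWED{$scheme};
    return $rest =~ m{^//[^/?#]+} ? 1 : 0;
}

# Constructed sample inputs.
my @samples = (
    "http://www.w3.org/",
    "HTTP://www.w3.org/",       # schemes are case-insensitive
    "https://www.w3.org/",      # starts with "http" but is a different scheme
    "httpx://example.org/",     # starts with "http" but is a different scheme
    "http:",                    # allowed scheme, no authority
    "ftp://example.org/a.html",
);

printf "%-28s prefix=%d strict=%d\n", $_, prefix_ok($_), scheme_ok($_)
    for @samples;
```

The two checks disagree on the second, third, fourth and fifth samples: the prefix test compares only the first four characters, while the strict check compares the whole scheme name.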
