- From: Guzmán Brasó <beep@thc.techfreak.to>
- Date: Sat, 29 Jul 2000 18:52:30 -0400 (EDT)
- To: www-validator@w3.org
Few minutes ago i post a message talkin about the vulneability of the service which was made public today on Bugtraq List. I post it to Bugtraq-es (Spanish Version), with some workaround more than in bugtraq but waas in spanish (if some of u know spanish feel free to search the bugtraq-es arvhices through www.securityfocus.com. In my mail i post it an easy patch which check before read the url to check the uri type. In this case, only allow 'http'. exit if (substr($url,0,4) ne "http"); just that. greets enan0. P.d: I'm not subscribed to the list, if u need to contact me please do it by my e-mail. -- Interrumpi mi enseñanza a los 6 años para ir a la escuela! TCN - Montevideo, Uruguay. Key id:0x2A15E289
Received on Monday, 31 July 2000 04:31:59 UTC