From: Brian Pane
Date: Thu, 23 Aug 2001 15:43:56 -0700
Subject: mod_include and POST
To: dev@httpd.apache.org
Message-id: <3B85872C.2090200@pacbell.net>

This bit of logic in includes_filter() in mod_include looks like a security hole:

    if (r->method_number != M_GET) {
        return ap_pass_brigade(f->next, b);
    }

It's possible to see the unparsed content of a file by just POSTing to it...

--Brian
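As an added model of the gate quoted above (constructed for this page, not httpd code and not the project's eventual fix): a toy filter carrying that method check beside an ungated variant, plus a check a defender can run over a served body. The function names, the enum values and the sample page are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed method numbers for the model; not httpd's M_* values. */
enum { M_GET = 0, M_POST = 1 };

/* Toy stand-in for the SSI parser: each "<!--# ... -->" directive becomes
 * "[ssi]" so directive text never reaches the client. */
static void ssi_parse(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    while (*in && o + 1 < outlen) {
        const char *end;
        if (strncmp(in, "<!--#", 5) == 0 && (end = strstr(in, "-->")) != NULL) {
            if (o + 5 >= outlen)
                break;
            memcpy(out + o, "[ssi]", 5);
            o += 5;
            in = end + 3;
        } else {
            out[o++] = *in++;
        }
    }
    out[o] = '\0';
}

/* Gate as quoted in the post: a non-GET request skips the parser, so the raw
 * file, directives included, is passed down the chain unchanged. */
void includes_filter_gated(int method, const char *in, char *out, size_t outlen)
{
    if (method != M_GET) {
        snprintf(out, outlen, "%s", in);   /* models ap_pass_brigade(f->next, b) */
        return;
    }
    ssi_parse(in, out, outlen);
}

/* Hardened variant (an assumption, not httpd's actual fix): the method is not
 * an authorization decision, so every request that serves the file parses it. */
void includes_filter_ungated(int method, const char *in, char *out, size_t outlen)
{
    (void)method;
    ssi_parse(in, out, outlen);
}

/* Defender-side check on a served body: is any directive still unparsed? */
int leaks_directive(const char *body)
{
    return strstr(body, "<!--#") != NULL;
}
```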