httpd-users mailing list archives

From rahul bhola <rb1223334...@gmail.com>
Subject Re: [users@httpd] Possible exploit?
Date Wed, 12 Feb 2014 21:11:14 GMT
By sanitize I mean just check that you don't directly put the data coming from
cmd or command into exec() or functions that might compromise the security of
your system. By URL I mean, for example:
yoursite.com/sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&shopid=http://www.google.com/humans.txt?
would show you what he got.



On Thu, Feb 13, 2014 at 2:08 AM, Knute Johnson <apache@knutejohnson.com> wrote:

> On 2/12/2014 08:43, rahul bhola wrote:
>
>> Because of the HTTP response 302, a safe bet would be to say he didn't get
>> anything. Still, I would recommend you sanitize the data you get from the
>> parameters command and cmd.
>> Also, simply go to the URL to see what he saw.
>>
>
> To what URL?  What do you mean sanitize?
>
>
> Thanks,
>
> --
>
> Knute Johnson
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


-- 
Rahul Bhola
B.E.
computers
Core Member
Department of backstage
Bits Pilani KK Birla Goa Campus
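
The kind of request discussed in this thread can be picked out of an access log mechanically. The following is an added example, not part of the original e-mails: it flags requests that carry a `cmd` or `command` parameter or a parameter whose decoded value is a remote URL, and reports the response status. The log lines are constructed, and the Apache combined log format, the `find_probes` name and the `next` parameter are assumptions.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample lines in Apache combined log format (not from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Feb/2014:08:01:02 +0000] "GET /index.php?sid=abc123&shopid=http://www.google.com/humans.txt? HTTP/1.1" 302 210 "-" "-"
203.0.113.7 - - [12/Feb/2014:08:01:05 +0000] "GET /index.php?cmd=test HTTP/1.1" 200 5120 "-" "-"
198.51.100.4 - - [12/Feb/2014:08:02:00 +0000] "GET /index.php?sid=abc123&shopid=42 HTTP/1.1" 200 7301 "-" "-"
198.51.100.9 - - [12/Feb/2014:08:03:00 +0000] "GET /index.php?next=%68ttp%3A%2F%2Fexample.org%2Fx.txt HTTP/1.1" 200 7301 "-" "-"
"""

# client address, request target and status code of one log line
LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) [^"]*" (\d{3}) ')
REMOTE_URL_RE = re.compile(r"(?i)^(?:https?|ftp)://")
COMMAND_PARAMS = {"cmd", "command"}  # parameter names mentioned in the thread


def find_probes(log_text):
    """Return (client, status, reasons, needs_review) per suspicious request.

    needs_review is True for 2xx responses, where the server returned content;
    the thread treats a 302 as a sign the requester probably got nothing.
    """
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        _, _, query = target.partition("?")
        reasons = []
        # parse_qsl percent-decodes values, so encoded URLs are caught too
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() in COMMAND_PARAMS:
                reasons.append(f"command-param:{name}")
            if REMOTE_URL_RE.match(value.strip()):
                reasons.append(f"remote-url:{name}")
        if reasons:
            hits.append((client, int(status), reasons, status.startswith("2")))
    return hits


if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```
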
