| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1f29b89404101103381e144876@mail.gmail.com> From: umphress at gmail.com (Chris Umphress) Subject: unarj dir-transversal bug (../../../..) That was certainly a useful explanation. Isn't stuff on this list supposed to be readable? Anyhow, if I'm reading what you've said correctly, it's supposed to work that way. Most programs pass the "../" (or "..\") to the OS to handle. -- Chris On Sun, 10 Oct 2004 15:43:10 -0700, doubles@...h.com <doubles@...h.com> wrote: > yyoo wwaassssuupppp???????????????? ddoouubblleess iiss hheerree > ttoo > rroocckk ddaa hhoouussee nndd ttoo tthhrrooww uunnaarrjj ddiirr- > - > ttrraannssvveerrssaall bbuugg iinn yyaarr ffaaccee!! ''''uunnaarrjj > ee'''' uunnppaacckkss aallll ddaa sshhiitt ttoo ddaa ccuurrrreenntt > ddiirr ''''uunnaarrjj xx'''' uunnppaacckkss ttoo mmaannyy ddiirrss > nndd > iitt aaiinntt ggoonnnnaa cczzeecchh iiff yyoouu hhaavvee ddaa > eevviill > ''''....//....//....//....//....//....'''' sshhiitt iinn ddaa ppaatthh!! > ddoouubblleess > > Concerned about your privacy? Follow this link to get > secure FREE email: http://www.hushmail.com/?l=2 > > Free, ultra-private instant messaging with Hush Messenger > http://www.hushmail.com/services-messenger?l=434 > > Promote security and make money with the Hushmail Affiliate Program: > http://www.hushmail.com/about-affiliate?l=427 > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > -- Chris Umphres <http://daga.dyndns.org/>
Powered by blists - more mailing lists