Hylafax Mailing List Archives


Re: Security-Hole in faxsurvey-form



On Wed, Jul 29, 1998 at 03:20:05PM +0200, Carsten Hoeger wrote:
> Hello all,
> 
> 
> JFYI:
> 
> 
> there is a security hole in the faxsurvey-cgi that comes with HylaFAX.
> 
> If you try this:
> 
> http://www.anyhost-with-this-cgi.com/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd
> 
> 
> You can e.g. read the host's passwd...
> 
> 
> If this survey is of interest, I'll make a bug-fix.

Until there is a better solution for collecting the faxsurvey, we should
remove this from the distributions.

	matthias
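
An added example, not part of the original thread or of HylaFAX: a Python check an administrator could run over web server access logs to list requests that reached faxsurvey with a query string, the request shape reported above. It assumes Common Log Format; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def faxsurvey_hits(lines):
    """Return (host, time, status, decoded_query) for each faxsurvey request
    that carried a query string. The thread reports that the query string is
    executed on the host, so any non-empty query deserves review."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a parseable access-log line
        path, _, query = m["target"].partition("?")
        # Normalise the path before comparing the script name.
        name = unquote(path).rstrip("/").rsplit("/", 1)[-1]
        if name != "faxsurvey" or not query:
            continue
        hits.append((m["host"], m["time"], int(m["status"]), unquote(query)))
    return hits

# Constructed sample log lines (documentation addresses, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Jul/1998:15:31:02 +0200] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.10 - - [29/Jul/1998:15:31:40 +0200] "GET /cgi-bin/faxsurvey HTTP/1.0" 200 512',
    '198.51.100.7 - - [29/Jul/1998:15:40:11 +0200] '
    '"GET /cgi-bin/faxsurvey?/bin/cat%20/etc/passwd HTTP/1.0" 200 2231',
    '203.0.113.5 - - [29/Jul/1998:16:02:09 +0200] "GET /cgi-bin/survey?id=3 HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for host, when, status, query in faxsurvey_hits(SAMPLE_LOG):
        print(f"{when} {host} status={status} query={query!r}")
```

A 200 status on a flagged line means the script ran with that query, so the decoded query column shows what to follow up on for that host.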


