2005 Feb 09
full-d] Administrivia: List Compromised due to Mailman Vulnerability (fwd)
...ity in Mailman 2.1.5.
Subscriber addresses and passwords have been compromised. All list
members are advised to change their password immediately. There do
not appear to be further signs of intrusion although investigations
continue.
The vulnerability lies in the Mailman/Cgi/private.py file:
def true_path(path):
    "Ensure that the path is safe by removing .."
    path = path.replace('../', '')
    path = path.replace('./', '')
    return path[1:]
A crafted URL fragment of the form ".../....///" will pass through the
above function and return...
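
An added example, not part of the original message: the quoted filter is run on the advisory's fragment and compared with a resolve-then-check containment test. safe_join, is_contained, demo, the temporary root directory and the sample request paths are assumptions made for illustration, not Mailman code.

```python
import os
import tempfile


def true_path(path):
    """The single-pass filter quoted in the advisory, left unfixed."""
    path = path.replace('../', '')
    path = path.replace('./', '')
    return path[1:]


def safe_join(root, requested):
    """Hypothetical hardened form: resolve the path, then check containment."""
    root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root, requested.lstrip('/')))
    # Reject anything that resolves outside the root, however it was spelled.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError('path escapes root: %r' % requested)
    return candidate


def is_contained(root, requested):
    """True when safe_join accepts the path, False when it rejects it."""
    try:
        safe_join(root, requested)
        return True
    except ValueError:
        return False


def demo():
    root = tempfile.mkdtemp()  # constructed stand-in for an archive directory
    # Constructed request paths: the advisory's fragment behind a leading
    # slash, and an ordinary archive-style path.
    crafted = '/.../....///'
    benign = '/2005-February/index.html'
    filtered = true_path(crafted)
    return {
        'filtered_crafted': filtered,
        'filtered_benign': true_path(benign),
        'crafted_contained': is_contained(root, filtered + 'outside.txt'),
        'benign_contained': is_contained(root, benign),
    }


if __name__ == '__main__':
    for key, value in demo().items():
        print(key, '=', value)
```

Each replace() makes one pass and never re-examines its own output, so removing the inner sequences reassembles a new one from the surrounding characters. The containment check does not depend on how the path was spelled.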