You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Brian Behlendorf <br...@hyperreal.org> on 1998/01/22 08:13:03 UTC
Lotus Domino server vulnerable
http://www.wired.com/news/news/business/story/9774.html
The short of it: having config files under your document root is bad.
Making them editable through the site is even worse!
I like this:
> The hole can be exploited in curious ways. At one
> vulnerable site, NBC Sports, a cracker could view the
> list of names for all customers who registered for
> the site's sweepstakes.
Brian
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
"Optimism is a strategy for making brian@apache.org
a better future." - Noam Chomsky brian@hyperreal.org