That chubby swede (sleepy) wrote,

Woke up way past 8:00am today.. arrived at the office 9:20 something... blah... pooped. My eyes are sore... and my thoughts/concentration process hasn't even started yet... more coffee..

<GEEK>Hacked some PHP yesterday, the guys who had built the newspaper's site thought that dynamic includes were really nifty... yup, so they used it heavily to include templates... but never thought "security", it was wide open for a dot-dot-slash hack. It was possible to fetch the contents of /etc/passwd ... I plugged it with a regexp hack that stripped off dot-dot-slash and everything before a slash and the slash... but also checks the existence of the desired file, in a predetermined directory... I think that would successfully plug that hole. Another 20 minute hack.</GEEK>
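
A sketch of the kind of fix the post describes, as an added example (not the author's code or the site's): reduce the requested template name to its last path component, then accept it only if the file exists inside one fixed directory. The function name resolve_template, the .php suffix, the character whitelist and the temporary demo directory are assumptions.

```php
<?php
// Added example; all names here are hypothetical, not taken from the site.

/** Map a user-supplied template name to a file inside $baseDir, or null. */
function resolve_template(string $name, string $baseDir): ?string
{
    // Drop everything up to and including the last slash or backslash,
    // which also discards any ../ sequences in front of it.
    $leaf = preg_replace('#^.*[/\\\\]#', '', $name);

    // Plain names only: rejects "", ".", "..", NUL bytes and newlines.
    if (!is_string($leaf) || !preg_match('/\A[A-Za-z0-9_-]+\z/', $leaf)) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // realpath() returns false for a missing file and resolves symlinks,
    // so this is the existence check and the input to the containment check.
    $path = realpath($base . DIRECTORY_SEPARATOR . $leaf . '.php');
    if ($path === false) {
        return null;
    }

    // The resolved file must still sit under the template directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo: a throwaway template directory holding one template.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . '/article.php', "<p>article template</p>\n");

$inputs = ['article', '../../../../etc/passwd', 'news/../article', 'missing', '..'];
foreach ($inputs as $input) {
    $file = resolve_template($input, $dir);
    printf("%-24s => %s\n", $input, $file === null ? 'rejected' : basename($file));
}

unlink($dir . '/article.php');
rmdir($dir);
```

The caller passes the returned path to include only when it is not null, and serves an error page otherwise.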