>>3
I'm pretty sure this is related to Perl's string handling. This wasn't just another stupid programmer; everyone could have made this mistake.
Name: Anonymous 2007-09-26 14:08 ID:uxItpmSb
How do we know this is Perl? CGI could be assembly for all we know.
Name: Anonymous 2007-09-26 14:17 ID:x4M7KQnG
>>9
Maybe it's Cfag, writing C and AJAX. Cfag, where are you? Did you have anything to do with this? (I know it's faster, I know, calm down, good boy, I'll let you use -O3 next time.)
Name: Anonymous 2007-09-26 14:34 ID:KL24CKTG
Lesson learned: path handling isn't something you want to do naïvely with string concatenation or interpolation features. Unless you're sure that the things you're concatenating together are single path components and not ".." or ".".
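The lesson in the post above, sketched as an added example that is not part of the thread and not the script under discussion: naive concatenation next to a join that accepts only single path components and then confirms the resolved path is still under the base directory. Python is used because the thread never establishes the script's language; the function names and the `/srv/www/files` directory are constructed for illustration.

```python
import os

class UnsafePath(ValueError):
    """Raised when a request would resolve outside the served directory."""

def naive_path(base, name):
    # The pattern the post warns about: plain string concatenation.
    return base + "/" + name

def check_component(name):
    # Accept only a single path component: no NUL byte and none of the
    # special names "", "." or "..".
    if name in ("", ".", "..") or "\0" in name:
        raise UnsafePath(f"not a plain component: {name!r}")
    # Reject both slash styles; backslash is legal on POSIX but refused
    # here as a conservative choice.
    if any(sep in name for sep in ("/", "\\", os.sep)):
        raise UnsafePath(f"separator in component: {name!r}")
    return name

def safe_join(base, *components):
    # Join validated components, then confirm the resolved result is still
    # under base. The second check also catches symlinks that point out.
    root = os.path.realpath(base)
    parts = [check_component(c) for c in components]
    target = os.path.realpath(os.path.join(root, *parts))
    if os.path.commonpath([root, target]) != root:
        raise UnsafePath(f"resolves outside {root}: {target}")
    return target

def is_rejected(base, *components):
    try:
        safe_join(base, *components)
    except UnsafePath:
        return True
    return False

if __name__ == "__main__":
    BASE = "/srv/www/files"  # constructed example directory
    for name in ("report.txt", "../../../etc/passwd", "..", "a/b"):
        print(repr(name),
              "| naive ->", os.path.normpath(naive_path(BASE, name)),
              "| rejected by safe_join:", is_rejected(BASE, name))
```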
Name: Anonymous 2007-09-26 16:27 ID:UNhwycNq
>>11
The thing you should have learned from this is that you can't be sure, ever.
Name: Anonymous 2007-09-26 20:17 ID:ESJl0kva
Anyone got script's own sauce?
Name: Anonymous 2007-09-26 20:18 ID:LtRNK20g
Someone already posted this this morning. Shadow passwd files are useless to an attacker, gtfo script kiddies.
Name: Anonymous 2007-09-27 0:56 ID:ezfub8/2
>>12
That's horseshit. You can be sure, as long as certain conditions hold. Robust code will manage these conditions and then apply the appropriate computation to produce results according to specification.
Name: Anonymous 2007-09-27 5:37 ID:I/UmFjtl
Nobody in his sane mind will use old passwd, so /etc/passwd is nowhere near as interesting as it used to be.
Name: Anonymous 2007-09-27 8:15 ID:v/6oeJEL
>>16
Then get /etc/shadow. If they're stupid enough to leave gaping security holes there's a chance they're also running httpd as root.