Author Topic: Security issue on eevblog.com  (Read 2076 times)


Offline azrimola

  • Contributor
  • Posts: 12
Security issue on eevblog.com
« on: January 18, 2012, 10:20:47 am »
Hello,

If you visit http://www.eevblog.com/page/2/ and have a look at the bottom link pointing to either "« Older Entries" or "Newer Entries »" you will see that there is an extra URL parameter appended to both of the links.

One example of such a link is:  http://www.eevblog.com/page/3/?file=..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00

This at least indicates a failed attempt at running an exploit described here:
http://www.thesecuritysamurai.com/2011/02/24/the-procselfenviron-vulnerability-by-cesar-salas-stillsecure-soc-analyst/
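
A defender-side check for the request pattern quoted in the post above, as an added example that is not part of the original thread: it percent-decodes each query value and flags `../` traversal, a NUL byte and a reference to `/proc/self/environ`. It goes slightly beyond the quoted link by decoding repeatedly so that double-encoded variants are also caught; the sample URLs, function names and finding labels are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Constructed sample request targets (not real log data from the site).
SAMPLE_URLS = [
    "/page/3/?file=..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00",
    "/page/3/?file=..%252F..%252Fproc%252Fself%252Fenviron",  # double-encoded
    "/page/2/",
    "/page/2/?s=oscilloscope+review",
]

# ".." as a whole path segment, with either slash direction.
TRAVERSAL = re.compile(rb"(^|[/\\])\.\.([/\\]|$)")
ENVIRON_PATH = b"/proc/self/environ"


def fully_decode(raw, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are also seen."""
    data = raw.encode("utf-8")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:  # nothing left to decode
            break
        data = decoded
    return data


def inspect_url(url):
    """Return a sorted list of finding labels for the URL's query string."""
    findings = set()
    for pair in urlsplit(url).query.split("&"):
        if not pair:
            continue
        _name, _, value = pair.partition("=")
        decoded = fully_decode(value)
        if TRAVERSAL.search(decoded):
            findings.add("traversal")
        if b"\x00" in decoded:
            findings.add("null-byte")  # classic extension-truncation marker
        if ENVIRON_PATH in decoded:
            findings.add("proc-self-environ")
    return sorted(findings)


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(u, "->", inspect_url(u) or "clean")
```

Running the same check over the `Referer` header as well as the request line helps show whether such parameters are being echoed back into generated links, as the pagination links described above were.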


 

Online EEVblog

  • Administrator
  • *****
  • Posts: 29204
  • Country: au
    • EEVblog
Re: Security issue on eevblog.com
« Reply #1 on: January 18, 2012, 11:45:08 am »
Thanks
Yes, I am aware of this and need to look into how to fix it.

Dave.
 

