| From: MJ Ray (markj at cloaked.freeserve.co.uk) Date: Tue Apr 1 18:08:36 EST 2003 |
|
Noel Welsh <noelwelsh at yahoo.com> wrote: > PS: If anyone has a Moshi install, try a URL like > http://localhost:8181/servlets/moshi-view.ss?page=../../../../../etc/passwd > Oops. Oh you tart. Twice. Once for the obvious. Once for putting the page name into a query variable. At least it wasn't /etc/shadow. And if the above is an example of lamers day, then you need to be afraid. Very afraid. MJR
| Posted on the users mailing list. |
|
![[logo]](/logo.png){kind=logo}