[Esd-l] Modifying the sanitizer to scan for INCLUDETEXT fields

Brett Glass brett at lariat.org
Tue Oct 1 22:36:01 PDT 2002


At 10:15 PM 9/26/2002, John D. Hardin wrote:

>This is the "steal-a-file" vulnerability?

Yep.

>Do you have a patch? 

Not for your code, but essentially it's a field (not a macro)
called INCLUDETEXT containing a filename.

--Brett
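
A sketch of the kind of scan this thread is about, added here as an example; it is not code from the sanitizer or from either poster. It assumes the field code has the form `INCLUDETEXT "filename"` and that the attachment stores its text either as 8-bit characters or as UTF-16LE; the function name and the sample bytes are constructed for illustration.

```python
import re

# Assumed field code syntax: INCLUDETEXT "filename" [bookmark] [switches].
# \x13, \x14 and \x15 are the field begin/separator/end marks in Word binary
# files; they are excluded so a match cannot run past the end of the field.
FIELD_RE = re.compile(
    r'INCLUDETEXT[ \t]+(?:"([^"\x13-\x15]*)"|([^\s"\x13-\x15]+))',
    re.IGNORECASE,
)

def find_includetext(data: bytes) -> list[str]:
    """Return file names referenced by INCLUDETEXT fields in raw attachment bytes.

    Heuristic: it looks for the keyword anywhere in the bytes, so it is meant
    for decoded attachments, not for message text that merely mentions the word.
    """
    views = [
        data.decode("latin-1"),                         # 8-bit text
        data.decode("utf-16-le", errors="ignore"),      # 16-bit text, even offset
        data[1:].decode("utf-16-le", errors="ignore"),  # 16-bit text, odd offset
    ]
    found = []
    for text in views:
        for m in FIELD_RE.finditer(text):
            name = m.group(1) if m.group(1) is not None else m.group(2)
            name = name.replace("\\\\", "\\")  # field codes double backslashes
            if name not in found:
                found.append(name)
    return found

# Constructed sample inputs (not taken from a real document).
SAMPLE_8BIT = b'\xd0\xcf\x11\xe0junk\x13 INCLUDETEXT "C:\\\\Docs\\\\notes.txt" \x14\x15more'
SAMPLE_16BIT = b"\x00" + '\x13 includetext "C:\\\\Docs\\\\plan.doc" \\! \x14'.encode("utf-16-le")

if __name__ == "__main__":
    for sample in (SAMPLE_8BIT, SAMPLE_16BIT):
        print(find_includetext(sample))
```
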


