LOL. Just goes to show how silly the whole notion of file extensions (in relation to security) is.
Yeah, that's what I don't quite understand about this vulnerability. Why on earth would you allow users to upload to a folder with scripts/execute permissions enabled? The extension should be irrelevant. -- AT&T U-Hearse Your funeral. Delivered.
Because most Windows server admins don't ever think about security. This vulnerability can't be exploited if proper permissions are set on the directory. -- "Ubuntu protects you from malware in the same way that a Geo protects you from carjackers." -Anonymous
I'd also add that there are actually software vendors out there today whose applications require administrative access to the entire C: drive of a server. I had one such setup. Later, they tried to tell us we also had to open up ports to allow Dameware for them to provide support. We told them that if they couldn't live with a secured connection and a completely firewalled network, we'd get another vendor. They finally screwed up enough we dropped them anyhow. -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis