Received: (qmail 60318 invoked by uid 501); 13 Sep 2001 18:00:37 -0000 Message-Id: <20010913180037.60317.qmail@apache.org> Date: 13 Sep 2001 18:00:37 -0000 From: Alexandre Hautequest Reply-To: hquest@fesppr.br To: submit@bugz.apache.org Subject: SSI'ng /etc/passwd X-Send-Pr-Version: 3.110 >Number: 8332 >Category: mod_include >Synopsis: SSI'ng /etc/passwd >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: closed >Quarter: >Keywords: >Date-Required: >Class: mistaken >Submitter-Id: apache >Arrival-Date: Thu Sep 13 11:10:00 PDT 2001 >Closed-Date: Thu Sep 13 11:27:46 PDT 2001 >Last-Modified: Thu Sep 13 11:27:46 PDT 2001 >Originator: hquest@fesppr.br >Release: 1.3.20 >Organization: >Environment: Slackware 8.0 default install, others probably >Description: if u use an SSI code like this <!--#exec cmd="cat /etc/passwd"--> you can open your entire file in browser. >How-To-Repeat: creating a simple web page putting the above line >Fix: >Release-Note: >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: marc State-Changed-When: Thu Sep 13 11:27:46 PDT 2001 State-Changed-Why: [This is a standard response.] This is a CGI programming or basic configuration issue. As mentioned on the main bug database page, we must refer all such basic or non-Apache-related questions to the user newsgroups comp.infosystems.www.servers.unix and comp.infosystems.www.servers.ms-windows, or the scripting newsgroup comp.infosystems.www.authoring.cgi First check the FAQ http://httpd.apache.org/docs/misc/FAQ.html and then pose your question to the appropriate newsgroup. Thanks for using Apache! Class-Changed-From-To: sw-bug-mistaken Class-Changed-By: marc Class-Changed-When: Thu Sep 13 11:27:46 PDT 2001 Severity-Changed-From-To: critical-non-critical Severity-Changed-By: marc Severity-Changed-When: Thu Sep 13 11:27:46 PDT 2001 >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]