[hypermail] Attachment vulnarabilities,

From: Nikolajus Krauklis <nikolajus_at_avc.lt_at_hypermail-project.org>
Date: Fri, 15 Mar 2002 10:21:48 +0100
Message-ID: <003e01c1cc02$d58727d0$750210ac_at_compservis.lt>


Hello,

in lithuania we have PHP mailing list with mailman. With hypermail i making nice looking and usefull mailing list archive, but in this archyve where are some vulnarabilities. For example in that server there are PHP, so someone can send to mailing list *.php file and after making archive all user can get this *.php file throught web mailing list archive.
My mailing list archive reindexing every night, so every night i'm in dangerous
situation. This .php on my server people can in simple drop database and so on...

how to solve it. Before sending attachment to user browser, send special header. So .php file will be not exacutable, but saveble :)

Thanks.



Nikolajus Krauklis Received on Fri 15 Mar 2002 05:38:01 PM GMT

This archive was generated by hypermail 2.3.0 : Sat 13 Mar 2010 03:46:12 AM GMT GMT