[Mailman-Users] Re: Critical security update for Mailman 2.1.5
Tokio Kikuchi
tkikuchi at is.kochi-u.ac.jp
Fri Feb 11 04:10:39 CET 2005
AJ wrote:
> How can we test that the patch is working? Is there a way to cause the log
> message to be written to the mischief log? Just want to make sure the
> patch is
> working, any help would be great.
Principally, add /../ in your browser's url box after authenticate
yourself for the private archive page:
http://your.host/mailman/private/yourlist/../
But my browser is clever enough to strip this to
http://your.host/mailman/private/
:-<
Note that this is not an exploit. You will find other malicious attempts
in logs/error.
--
Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp
http://weather.is.kochi-u.ac.jp/
More information about the Mailman-Users
mailing list