Re: [listfiles] anomaly

This WebDNA talk-list message is from

2003


It keeps the original formatting.
numero = 50123
interpreted = N
texte = In the words of homer simpson: doh!On 5/7/03 1:02 PM, Joe D'Andrea wrote:> Couldn't figure out whether to label this an exploit, bug, oversight > or what... so I settled on anomaly. > > Put this in a template: > > [listfiles] > [filename] > [/listfiles] > > And you will get a list of the files in your WebSTAR root folder. It > doesn't matter where on your server you put the template, you will > always get a list of files in the W* root. > > Clearly, there is some coder error here as I left out the required > path= parameter. But since the docs clearly say that path= is a > required parameter, shouldn't WebCat protect me from myself when I > don't include a required parameter? > > I'm using w*4/macos9/wcat4.5, but what happens if a v5 sandbox user > leaves out the required parameter? Do they get access to stuff they > shouldn't? > > ~joe > ----------------------------- Daniel Schutzsmith Senior Web Developer Berlin Productions, Inc. dan@berlinprod.com http://www.berlinprod.com (914) 683-5759 (914) 683-5751 fax ----------------------------- ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: [listfiles] anomaly (Rob Marquardt 2003)
  2. Re: [listfiles] anomaly (Gary Krockover 2003)
  3. Re: [listfiles] anomaly (Daniel Schutzsmith 2003)
  4. [listfiles] anomaly (Joe D'Andrea 2003)
In the words of homer simpson: doh!On 5/7/03 1:02 PM, Joe D'Andrea wrote:> Couldn't figure out whether to label this an exploit, bug, oversight > or what... so I settled on anomaly. > > Put this in a template: > > [listfiles] > [filename] > [/listfiles] > > And you will get a list of the files in your WebSTAR root folder. It > doesn't matter where on your server you put the template, you will > always get a list of files in the W* root. > > Clearly, there is some coder error here as I left out the required > path= parameter. But since the docs clearly say that path= is a > required parameter, shouldn't WebCat protect me from myself when I > don't include a required parameter? > > I'm using w*4/macos9/wcat4.5, but what happens if a v5 sandbox user > leaves out the required parameter? Do they get access to stuff they > shouldn't? > > ~joe > ----------------------------- Daniel Schutzsmith Senior Web Developer Berlin Productions, Inc. dan@berlinprod.com http://www.berlinprod.com (914) 683-5759 (914) 683-5751 fax ----------------------------- ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Daniel Schutzsmith

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

You *can!!* overwrite username/password using an HTML form. Also, experts *please* see Q at end (2000) WebDNA for Dummies (2004) Single Link browsing (1997) RE: [WebDNA] Ubuntu and WebDNA (2019) Alternating BGColors in Table Rows (1998) WebCat2 - Getting to the browser's username/password data (1997) Summary layout (1997) Spawn doesn't work as advertised ... (2000) OT: Log Files (2003) Redirect frame targets (1998) Server Freeze (1998) Multiple Items (1998) Acrobat Form Submission (1999) File not found error message (1998) Using Plug-In while running 1.6.1 (1997) WebCat2b15MacPlugIn - [authenticate] not [protect] (1997) Q: writefile and uploads. (1998) quantity minimum problem (1997) WebCat2b13MacPlugIn - [include] (1997) [FileInfo] strangeness (1998)