[Systems] False positive

Sascha Silbe sascha-ml-ui-sugar-systems at silbe.org
Fri Mar 13 06:47:52 EDT 2009

On Fri, Mar 13, 2009 at 11:39:48AM +0100, Bernie Innocenti wrote:

That one's probably me.
Just for the record: I haven't (yet) intentionally scanned / probed / 
whatever the server (on the network level).

>>       /passwd HTTP Response 200     
>> /index.php?cont=../../../../../../../../../../../../../../../etc/passwd%00 
>> HTTP Response 200
> These two entries in today's logwatch on sunjammer almost made me 
> faint,
> but they're both false positives.

> /passwd is just the password change form.
Yes, I've used that one to change the initial password according to the 
instructions in the "welcome" mail.

CU Sascha

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: Digital signature
Url : http://lists.sugarlabs.org/private/systems/attachments/20090313/d04669d2/attachment.pgp 

More information about the Systems mailing list