On 12/24/01(10:59) you Lim Chee Wooi <firstname.lastname@example.org> wrote
|I found one exploit on delegate server, please try
Could you tell me the version and the configuration parameters
of the DeleGate you found?
By default, HTTP-DeleGate prohibits access to "file:*", usage
from clients on non-local networks to the DeleGate, and so on.
If someone configure DeleGate to allow exploit from remote networks
for "file:", it becomes exploitable as the person intended.
@ @ Yutaka Sato <email@example.com> http://www.delegate.org/y.sato/
( - ) National Institute of Advanced Industrial Science and Technology (AIST)
_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan