I fixed it already. Thanks
Yutaka Sato wrote:
>On 12/24/01(10:59) you Lim Chee Wooi <email@example.com> wrote
> |I found one exploit on delegate server, please try
> |http://www.somedelegateserver.com:8080/-_-file:///etc/passwd or
>Could you tell me the version and the configuration parameters
>of the DeleGate you found?
>By default, HTTP-DeleGate prohibits access to "file:*", usage
>from clients on non-local networks to the DeleGate, and so on.
>If someone configure DeleGate to allow exploit from remote networks
>for "file:", it becomes exploitable as the person intended.
> @ @ Yutaka Sato <firstname.lastname@example.org> http://www.delegate.org/y.sato/
> ( - ) National Institute of Advanced Industrial Science and Technology (AIST)
>_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan