November 15, 2004

Security warning with TWiki

TWiki Input Validation Hole in Search Function Lets Remote Users Execute Shell Commands - This one got me at the OpenInteract wiki site. How do you know you’ve been bit? Check your access log for a GET URL like:


As long as your web server is running as an unprivileged user (like apache) you shouldn't be up the creek. It's still goddamned annoying these little bastards make simple things a chore...

Next: Join with the creationists!
Previous: Replacing BeanUtils with Spring's BeanWrapper