1395Re: [soaplite] Preventing package name traversal attacks
- Apr 9, 2002On Tuesday, April 9, 2002, at 10:24 AM, theonetowhommyrefers wrote:
> There is an article at Use::Perl which discusses a serious securityDon't use autodispatch!
> hole in SOAP::Lite -
> This article is based on another article at Phrack:
> >From what I can tell the security hole is that autodispatch allows
> direct access to fully qualified package names and thus arbitrary
> commands can be executed on the remote machine.
> How can we stop such attacks?
-- Tom Mornini
-- InfoMania Printing and Prepress
-- ICQ: 113526784, AOL: tmornini, Yahoo: tmornini, MSN: tmornini
- << Previous post in topic Next post in topic >>