[Mailman-Users] Re: Critical security update for Mailman 2.1.5

AJ aj at mindcrash.com
Fri Feb 11 14:34:35 CET 2005


This also stripped it down for me.
I do not see any logs in error or mischief.
How can I get it to actually log the attempt so I know this is working?

Thanks.

Quoting Tokio Kikuchi <tkikuchi at is.kochi-u.ac.jp>:

> AJ wrote:
>
>> How can we test that the patch is working?  Is there a way to cause the log
>> message to be written to the mischief log?  Just want to make sure the patch
>> is working, any help would be great.
>
> Principally, add /../ in your browser's url box after authenticating
> yourself for the private archive page:
> http://your.host/mailman/private/yourlist/../
>
> But my browser is clever enough to strip this to
> http://your.host/mailman/private/
> :-<
>
> Note that this is not an exploit. You will find other malicious attempts
> in logs/error.
>
> -- Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp
> http://weather.is.kochi-u.ac.jp/
>
>
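
Why the test above leaves both logs empty, as an added example that is not part of the original thread and is not Mailman's code: the browser collapses "/../" before sending, so a server-side check never sees it. The function names and the list standing in for the mischief log are hypothetical.

```python
# Added illustration; every name here is hypothetical, not Mailman's own code.

def remove_dot_segments(path):
    """Collapse '.' and '..' the way a browser does before sending (RFC 3986, 5.2.4)."""
    segments = path.split("/")
    out = []
    for seg in segments:
        if seg == ".":
            continue
        if seg == "..":
            if len(out) > 1:          # never climb above the leading "/"
                out.pop()
            continue
        out.append(seg)
    if segments[-1] in (".", ".."):
        out.append("")                # keep the trailing slash
    return "/".join(out)


def has_dot_dot(path):
    """True if any segment of the path as received is exactly '..'."""
    return ".." in path.split("/")


def handle_request(path, mischief_log):
    """Stand-in for a server-side check: log and refuse paths with '..' segments."""
    if has_dot_dot(path):
        mischief_log.append("rejected path: %r" % path)
        return 403
    return 200


def simulate(typed_path, client_normalizes):
    """Return (path the server receives, status, log entries) for one request."""
    log = []
    sent = remove_dot_segments(typed_path) if client_normalizes else typed_path
    status = handle_request(sent, log)
    return sent, status, log


TYPED = "/mailman/private/yourlist/../"   # path from the URL quoted above

if __name__ == "__main__":
    for normalizes in (True, False):
        print("client normalizes:", normalizes, "->", simulate(TYPED, normalizes))
```

An empty log after a browser test therefore says nothing about whether the check works; only a request whose path arrives unnormalized exercises it.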