[issue11197] information leakage with SimpleHTTPServer
Huzaifa Sidhpurwala
report at bugs.python.org
Fri Jul 1 10:26:49 CEST 2011
Huzaifa Sidhpurwala <sidhpurwala.huzaifa at gmail.com> added the comment:
It seems python was being blamed for what is essentially the fault of lynx.
The following would translate into browsing files locally from the system and not from the web:
lynx http://localhost:8000/../../../../../../../../etc/passwd
The correct syntax for testing should have been:
lynx http://localhost:8000/../../../../../../../../etc/passwd
----------
nosy: +Huzaifa.Sidhpurwala
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue11197>
_______________________________________
More information about the Python-bugs-list
mailing list