Miva, Miva Script, Miva Empresa, Miva Mia and Miva Merchant are registered trademarks of the Miva Corporation
 

http://mivo.truxoft.com

 

MIVA®  SECURITY:  Vulnerability in htmlscript

by Ivo Truxa, 09/11/2000


From Bugtraq

This is a security flaw in the old htmlscript, that is, in versions prior to 3.00. It allows an intruder to break out of the sandbox and access files in the root of the server. The example shows that the passwd system file can be accessed (as long as it is not shadowed). Any other files that are readable by 'everybody' may be accessed as well. Joe Austin, MIVA's CEO, offers to update any old htmlscript engine (I suppose for free). Read the original posts on Bugtraq:

Dennis Moore, Jan 26 1998: Vulnerability in htmlscript
Joe Austin, Jan 27 1998: RE: Vulnerability in htmlscript


   

copyright  truXoft  © 1997-2010