[TYPO3-core] RFC #9474: Integrate OpenID authentication support to TYPO3
Dmitry Dulepov
dmitry at typo3.org
Sun Oct 5 07:39:01 CEST 2008
Hi!
Steffen Kamper wrote:
> imho it doesn't work on windows as /dev isn't the same as c:/dev/
Yes, it is. PHP allows any path separator and omitting drive part means "current drive". This is often used as attack attempt on MS IIS. Something like: http://windowshost.com/script.asp?param=/windows/system32/cmd.exe%20-C%20echo%Y%20|%20del%20/*.*
--
Dmitry Dulepov
TYPO3 Core team
My TYPO3 book: http://www.packtpub.com/typo3-extension-development/book
In the blog: http://typo3bloke.net/post-details/duplicate_content_with_realurl/
More information about the TYPO3-team-core
mailing list