[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#432932: metasend: Slightly exploitable MIME type setting



The mime type setting isn't the only one.

-A '"xxx; foo=xxx echo headshot"'
headshot

also works nicely.

It is several lines of eval ctype${multipart}=\"$ctype\"  and similar that 
shows these.

Just search for eval in the code and almost all of them does this.

But unless mime types is added by untrusted people, it isn't a real problem.

/Sune

-- 
Do you know how may I doubleclick on the gadget?

You can never close the TCP microprocessor, this way from Debian LinuxPPC NT 
and from the control tools within DOS XP you must load the head on a virus to 
a forward for mounting the case.

Attachment: signature.asc
Description: This is a digitally signed message part.


Reply to: