Demo
Discussion
Forum
Config Examples
Contributions
Vulnerabilities
Discussion forum about ELOG
Not logged in
Back
|
Find
|
Login
|
Help
Crafted URL causes elog to coredump, posted by Steve Jones on Sat Mar 4 06:08:29 2006
Re: Crafted URL causes elog to coredump, posted by Stefan Ritt on Mon Mar 6 14:04:12 2006
Re: Crafted URL causes elog to coredump, posted by Steve Jones on Mon Mar 6 17:35:52 2006
Re: Crafted URL causes elog to coredump, posted by Stefan Ritt on Mon Mar 6 17:45:18 2006
Re: Crafted URL causes elog to coredump, posted by Steve Jones on Mon Mar 6 18:04:39 2006
Re: Crafted URL causes elog to coredump, posted by Steve Jones on Mon Mar 6 18:06:32 2006
[UPDATE] Re: Crafted URL causes elog to coredump, posted by Steve Jones on Mon Mar 6 18:54:32 2006
[UPDATE2] Re: Crafted URL causes elog to coredump, posted by Steve Jones on Wed Mar 8 18:05:54 2006
[Segmentation Fault source identified] Verbose Output: Re: Crafted URL causes elog to coredump, posted by Steve Jones on Wed Mar 8 20:19:14 2006
Message ID:
1752
Entry time:
Mon Mar 6 14:04:12 2006
In reply to:
1748
Reply to this:
1753
Icon:
Author:
Stefan Ritt
Author Email:
stefan.ritt@psi.ch
Category:
Bug report
OS:
All
ELOG Version:
2.6.1-1660
Subject:
Re: Crafted URL causes elog to coredump
Steve Jones wrote:
While playing with TOP GROUP I managed to get elog 2.6.1 1660 on Solaris 9 to coredump. Since I didn't really understand TOP GROUP I tried a URL where I had
http://elog.server.com/topgroupname/logbookname
. Putting that logbookname at the end caused elog to dump.
Can this be reproduced by others?
No. This forum has the "elog" as the top group, "Forum" as the logbook, so if I write
http://midas.psi.ch/elogs/elog/Forum
it does not crash.
ELOG V3.1.5-fe60aaf