[plug] Liberal Party website - Query
Patrick Coleman
blinken at gmail.com
Wed Oct 10 20:07:01 WST 2007
David Dartnall wrote:
>
> How do you determine the OS on the Liberal Party server?
Looking at the error pages normally works: http://www.liberal.org.au/dfgdfgdfg
> In the event that it's M$ this may be a good opportunity to give Linux
> a plug.
> Less susceptible to this type of attack?
Unfortunately probably not; this is a (very) sloppy web programming
issue rather than an OS insecurity. It's just as easy to have an issue
like this on with a badly written PHP application on a misconfigured
UNIX server.
> Do their IT experts make a lot of sense in what they say?
I'm guessing no - opening files based on unscreened user input is like
Web Security 101. Full marks to whoever wrote this.
-Patrick
More information about the plug
mailing list