[plug] Liberal Party website - Query

Patrick Coleman blinken at gmail.com
Wed Oct 10 20:07:01 WST 2007

David Dartnall wrote:
> How do you determine the OS on the Liberal Party server?

Looking at the error pages normally works: http://www.liberal.org.au/dfgdfgdfg

> In the event that it's M$ this may be a good opportunity to give Linux
> a plug.
> Less susceptible to this type of attack?

Unfortunately probably not; this is a (very) sloppy web programming
issue rather than an OS insecurity. It's just as easy to have an issue
like this on with a badly written PHP application on a misconfigured
UNIX server.

> Do their IT experts make a lot of sense in what they say?

I'm guessing no - opening files based on unscreened user input is like
Web Security 101. Full marks to whoever wrote this.


More information about the plug mailing list