by burtonator2011
2615 days ago
I kind of got in a shit storm with Sun Microsystems back in the day about this... One of their servlets had a query parameter like /servlet/com.sun.projectname.SuperCrazyServlet?url=some_url_encoded_param and I found out that it accepted file:// URLs. They had the daemon running as root and I could read everything on the box. Anyway. I sent them an email to webmaster and to a few PMs I knew but heard nothing back. About a week later I got a REALLY nasty legal as apparently they thought my email was an attempt to extort them and not just a nice guy trying to point out the problem. I think they thought I downloaded source code ... The PMs I emailed had to step in and vouch for me but I think that without their help I would have ended up with a really shitty lawsuit.

If you really want it fixed post to pastebin and the traffic will bring attention to it. But it's better to just ignore and move on.