Originally posted by italiano@Oct 4 2003, 09:54 PM
IMPORTANT: This is not a bug! They intentionally added this code to ES5.
Whilst the vulnerability is confirmed, the allegations that this is not a bug but malicious code are certainly not confirmed by any means. Seems like the person who discovered the flaw is seeking publicity by sensationalizing his discovery.
To me, this certainly looks like a common bug. The intention of the 'feature' was probably to support deleting of partial downloads/temp files, yet due to an oversight by the programmers, appending "..\" before the filename lets you "break out" of the working directory.
Whoever wrote the report advisory included a statement saying this is not a bug, but an intentional feature, yet gave no information whatsoever to justify his claims. How could he possibly know whether the intention of the code was malicious or not?
On a related note it's probably not going to apply to many people anyway. Whilst the concept behind ES5 is interesting and novel, the implementation is comparable to your average piece of dog-turd. Doesn't beat k-lite for MP3, and doesn't beat emule for software/movies. I tried it because of the publicity and hype surrounding it, and it was gone from my hd within a week.
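The kind of oversight described in the post above, next to a containment check that would prevent it, as an added example that is not part of the original post and is not ES5's code. The working directory, file names and function names are constructed for illustration; `ntpath` is used so the Windows `..\` behaviour is reproduced on any host.

```python
import ntpath  # Windows path rules on any OS, since the post concerns "..\"

# Constructed working directory holding partial downloads / temp files (assumption).
WORKDIR = r"C:\app\incoming"


def naive_target(workdir, name):
    """The oversight: join the requested name to the directory and trust the result."""
    return ntpath.normpath(ntpath.join(workdir, name))


def safe_target(workdir, name):
    """Return the normalized path to delete, or None if it is not inside workdir."""
    drive, _ = ntpath.splitdrive(name)
    if drive or ntpath.isabs(name):
        # A drive letter or UNC prefix would replace workdir entirely in join().
        return None
    root = ntpath.normcase(ntpath.normpath(workdir))
    candidate = ntpath.normcase(ntpath.normpath(ntpath.join(root, name)))
    if candidate == root:
        return None  # the directory itself is not a deletable file
    # Compare whole path components after normalization; searching the raw
    # name for ".." or comparing string prefixes misses cases such as
    # "sub\..\..\x" or a sibling directory named "incoming2".
    if ntpath.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    for requested in ["part001.tmp", r"..\other\notes.txt", r"sub\..\..\x.txt",
                      "../x.txt", r"..\incoming2\x.tmp", r"D:\x.txt", r"\x.txt"]:
        print(f"{requested!r:24} naive={naive_target(WORKDIR, requested)!r:32} "
              f"safe={safe_target(WORKDIR, requested)!r}")
```

The check is purely lexical; a deployment that allows symlinks or junctions inside the working directory would also need to resolve the real path before comparing.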