On Fri, 15 May 2009, Ned Slider wrote:
> John Hardin wrote:
>> On Fri, 15 May 2009, Adam Stephens wrote:
>>>
>>> I'm seeing lots of FPs on this, most prominently on mail
>>> from mail.elsevier-alerts.com
>>
>> Really? Sites are sending out legitimate URLs pointing to hidden
>> directories?
>>
>> Could you post an example, please? This I gotta see...
>
> I don't so much think it's a case of them containing hidden dirs, but rather
> for some reason the rule misfires (maybe??).
>
> Anyway, here's an example I saw today where I can't see why the rule fired:
>
> http://pastebin.com/m1268fbe6

Thanks. Here's the problematic URI:

http://../cd.asp?i=572550545&UserID=4DFEDDHIIBCFBH55

in the unsubscribe link. Granted, ".." is not a hidden directory.

Revised rule, to omit current directory and parent directory relative
URIs, while still hitting on "..." (which is pretty common):

uri URI_HIDDEN /\/\.(?!\.\/)[^\/]/i

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
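
A regression check for the revised rule, as an added example that is not part of the original message or of SpamAssassin: it runs the URI_HIDDEN pattern through Python's re module, which handles this particular pattern the same way Perl does. The first URI is the one quoted in the thread; every example.com URI, the expected results and the function names are constructed for illustration.

```python
import re

# Pattern copied verbatim from the revised URI_HIDDEN rule in the message.
URI_HIDDEN = re.compile(r"\/\.(?!\.\/)[^\/]", re.IGNORECASE)

# (uri, expected_hit) pairs. Only the first URI comes from the thread;
# the rest are constructed samples covering each case the rule talks about.
CASES = [
    # False positive reported in the thread: "//../" must no longer hit.
    ("http://../cd.asp?i=572550545&UserID=4DFEDDHIIBCFBH55", False),
    # Current-directory relative path: "/./"
    ("http://example.com/./index.html", False),
    # Parent-directory relative path: "/../"
    ("http://example.com/a/../b.html", False),
    # "..." directory, which the revised rule is meant to keep hitting.
    ("http://example.com/.../x.php", True),
    # Ordinary dot-prefixed (hidden) directory.
    ("http://example.com/.cache/login.php", True),
    # Edge case: ".." with no trailing slash. The lookahead only excludes
    # "../", so a URI that ends in "/.." still hits.
    ("http://example.com/a/..", True),
    # Plain URI with a dot only in the file name.
    ("http://example.com/index.html", False),
]


def rule_hits(uri):
    """Return True if the URI_HIDDEN pattern matches anywhere in the URI."""
    return URI_HIDDEN.search(uri) is not None


def regressions(cases):
    """Return the (uri, expected, actual) triples where the rule disagrees."""
    return [(uri, want, rule_hits(uri))
            for uri, want in cases
            if rule_hits(uri) != want]


if __name__ == "__main__":
    for uri, want in CASES:
        print(f"{'HIT ' if rule_hits(uri) else 'miss'}  expected={want!s:5}  {uri}")
    failed = regressions(CASES)
    print("all cases behave as expected" if not failed else f"mismatches: {failed}")
```

Appending URIs from real false-positive reports to the case list before changing the pattern shows which earlier behaviour a new revision would alter.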