Hi,

I've looked again at Debian bug #284875 and I can't see how to reproduce
the fourth part, either:

> (4) Just about any stupid hack will work with wget.  %00 bytes (see the
> POC) and other %-escaped control characters handling, symlink attacks:
>       
>       $ cd /tmp
>       $ ln -s index.html /path/to/foo
>       $ wget -x http://localhost/
>               -> /path/to/foo

In my tests wget does sanitize the input, so these attacks would seem to 
be fruitless. Could you explain in further detail how to reproduce this?


