oss-sec mailing list archives

YingZhi Lua Programming Language for iOS ftp .. bug & httpd arbitrary upload

From: "Larry W. Cashdollar" <larry0 () me com>
Date: Fri, 30 Aug 2013 13:16:47 +0000 (GMT)

Hi,

During further investigation of the Python programming language by XiaoWen for ipad/iphone I discovered a new Lua / 
Perl / Ruby programming application in the apple application store all written by XiaoWen Huang that suffers from the 
http file upload vulnerabilities.  It appears the ../ has been fixed for these other applications.

Download Locations:

https://itunes.apple.com/us/app/perl-programming-language/id578116006?mt=8&ls=1

https://itunes.apple.com/us/app/ruby-programming-language/id581732143?mt=8&ls=1

https://itunes.apple.com/us/app/lua-programming-language/id505972017?mt=8&ls=1

-- Larry

Current thread:

YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload Larry W. Cashdollar (Aug 29)
- Re: YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload cve-assign (Aug 29)
  - Re: YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload Larry W. Cashdollar (Aug 30)
    - Re: YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload Larry W. Cashdollar (Aug 30)
    - YingZhi Lua Programming Language for iOS ftp .. bug & httpd arbitrary upload Larry W. Cashdollar (Aug 30)