Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ePerl: bad handling of ISINDEX queries

From: pimlott () ABEL MATH HARVARD EDU (Andrew Pimlott)
Date: Wed, 8 Jul 1998 12:27:14 -0400

On Mon, 6 Jul 1998, Tiago Luz Pinto wrote:


    (ePerl is an embedded Perl Interpreter for HTTP servers)

* Description:
    Incorrect Handling of ISINDEX queries (command line argument)
when ePerl runs as a nph-cgi/cgi.


I notified the author of a variant of this bug last summer (which he
fixed; see
http://www.engelschall.com/sw/eperl/distrib/eperl-SNAP/ChangeLog).  I
honestly wouldn't trust eperl for a minute.  These are very simple
mistakes.


* Cause:
    According with the CGI/1.1 specification, the HTTP
server executes CGI's passing the ISINDEX field as a command
line argument. When ePerl runs and gets this argument
(argc > 1), it fails to set MODE_CGI, then tries to
open the argument for parsing/executing.

    This can lead to arbitrary Perl code being executed on
the server.

* Example:
http://foo.com/some/dir/doit.phtml?/home/ftp/incoming/executemycode.phtml


Andrew

"Do they give a Nobel Prize for attempted chemistry?"
- "Sideshow" Bob Terwilliger
Previous By Date Next
Previous By Thread Next

Current thread: