Bugtraq mailing list archives
Re: ePerl: bad handling of ISINDEX queries
From: pimlott () ABEL MATH HARVARD EDU (Andrew Pimlott)
Date: Wed, 8 Jul 1998 12:27:14 -0400
On Mon, 6 Jul 1998, Tiago Luz Pinto wrote:
> (ePerl is an embedded Perl Interpreter for HTTP servers)
>
> * Description: Incorrect Handling of ISINDEX queries (command line argument) when ePerl runs as a nph-cgi/cgi.

I notified the author of a variant of this bug last summer (which he fixed; see http://www.engelschall.com/sw/eperl/distrib/eperl-SNAP/ChangeLog). I honestly wouldn't trust eperl for a minute. These are very simple mistakes.

> * Cause: According to the CGI/1.1 specification, the HTTP server executes CGI's passing the ISINDEX field as a command line argument. When ePerl runs and gets this argument (argc > 1), it fails to set MODE_CGI, then tries to open the argument for parsing/executing. This can lead to arbitrary Perl code being executed on the server.
>
> * Example: http://foo.com/some/dir/doit.phtml?/home/ftp/incoming/executemycode.phtml

Andrew

"Do they give a Nobel Prize for attempted chemistry?"
 - "Sideshow" Bob Terwilliger
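
An added example, not part of the original posts and not ePerl's code: one way for a CGI-capable interpreter to avoid the failure described in the quoted report is to choose its mode from the environment before it ever looks at argv. The function name choose_script and the use of PATH_TRANSLATED as the server-resolved page path are assumptions made for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (assumption, not ePerl's code). Returns the file the
 * interpreter may open, or NULL if the request must be refused.
 * gateway_interface and path_translated are the values of the CGI
 * environment variables of the same names (NULL when unset). */
const char *choose_script(int argc, char **argv,
                          const char *gateway_interface,
                          const char *path_translated)
{
    /* Decide the mode from the environment first, never from argc:
     * under CGI/1.1 a query string without '=' arrives as argv[1..]. */
    int cgi_mode = gateway_interface != NULL && gateway_interface[0] != '\0';

    if (cgi_mode) {
        /* argv is request-controlled here, so it is ignored entirely.
         * Only the path resolved by the web server is acceptable. */
        if (path_translated == NULL || path_translated[0] == '\0')
            return NULL;
        return path_translated;
    }

    /* Stand-alone (shell) use: the operator names exactly one file. */
    if (argc == 2)
        return argv[1];
    return NULL;
}

int main(int argc, char **argv)
{
    const char *src = choose_script(argc, argv,
                                    getenv("GATEWAY_INTERFACE"),
                                    getenv("PATH_TRANSLATED"));
    if (src == NULL) {
        fprintf(stderr, "refusing: no trusted script path\n");
        return 1;
    }
    printf("would interpret: %s\n", src);
    return 0;
}
```

With this ordering, a request such as the one in the report still reaches the interpreter with argc > 1, but the argument is never used as a file name once GATEWAY_INTERFACE is present.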