Bugtraq mailing list archives
Re: test-cgi - Re: HTTP REQUEST METHOD flaw
From: mudge () L0PHT COM (Dr. Mudge)
Date: Fri, 15 Jan 1999 12:31:26 -0500
I believe the original test-cgi problem was first publicly posted via a L0pht Security Advisory in 1996. It also mentioned that several of the variables were under user control. Just for the record :) .mudge On Thu, 14 Jan 1999, Peter van Dijk wrote:
A paper I wrote somewhere in 1997(!) notes that CONTENT_TYPE, CONTENT_LENGTH, HTTP_ACCEPT, HTTP_REFERER, PATH_INFO, PATH_TRANSLATED, QUERY_STRING, REQUEST_METHOD and SERVER_PROTOCOL are under control of the user. If you control your reverse and forward DNS, you could also theoretically control REMOTE_HOST. Greetz, Peter. -- <squeezer> AND I AM GONNA KILL MIKE | Peter van Dijk <squeezer> hardbeat, als je nog nuchter bent: | peter () attic vuurwerk nl <squeezer> @date = localtime(time); | realtime security d00d <squeezer> $date[5] += 2000 if ($date[5] < 37); | <squeezer> $date[5] += 1900 if ($date[5] < 99); | * blah *
Current thread:
- test-cgi - Re: HTTP REQUEST METHOD flaw monti (Jan 13)
- Re: test-cgi - Re: HTTP REQUEST METHOD flaw Peter van Dijk (Jan 14)
- Re: test-cgi - Re: HTTP REQUEST METHOD flaw Peter van Dijk (Jan 15)
- Re: test-cgi - Re: HTTP REQUEST METHOD flaw Dr. Mudge (Jan 15)
- Secuity hole with perl (suidperl) and nosuid mounts on Linux Brian McCauley (Jan 14)
- Re: Secuity hole with perl (suidperl) and nosuid mounts on Linux Jan B. Koum (Jan 15)
- Re: Secuity hole with perl (suidperl) and nosuid mounts on Linux Ollivier Robert (Jan 18)
- Re: Secuity hole with perl (suidperl) and nosuid mounts on Linux Jarkko Hietaniemi (Jan 18)
- Re: Secuity hole with perl (suidperl) and nosuid mounts on Linux Jan B. Koum (Jan 15)
- Re: test-cgi - Re: HTTP REQUEST METHOD flaw Peter van Dijk (Jan 14)
- security hole in Maximizer Mike Jones (Jan 14)
- AW: test-cgi Adrian Dabrowski (Jan 14)