Bugtraq mailing list archives

Re: Security problems with TWIG webmail system

From: João Gouveia <cercthar () TELEWEB PT>
Date: Thu, 30 Nov 2000 20:48:22 -0000

Hi,

----- Original Message -----
From: "Shaun Clowes" <shaun () securereality com au>
To: <BUGTRAQ () SECURITYFOCUS COM>
Sent: Thursday, November 30, 2000 8:25 AM
Subject: Re: Security problems with TWIG webmail system
(snip)

If I provide the exploit input via POST, or COOKIE I will achieve the same

effect,

simply checking GET is not enough. I would suggest my initial workaround

was

more suitable since it prevents ANY configuration information being

provided

by remote input, however the above suggestion could easily be extended

like

so:

if( $vhosts[$SERVER_NAME] &&
    !isset($HTTP_GET_VARS[vhosts]) &&
    !isset($HTTP_POST_VARS[vhosts]) &&
    !isset($HTTP_COOKIE_VARS[vhosts]))


That's not an option. Try this example script:
<quote>
<?
echo "$HTTP_POST_VARS<br> $HTTP_GET_VARS<br> $HTTP_COOKIE_VARS";
?>
</quote>

And call it like this:
script.php?HTTP_GET_VARS=test&HTTP_POST_VARS=test&HTTP_COOKIE_VARS=test
Or better yet: script.php?HTTP_GET_VARS=&HTTP_POST_VARS=&HTTP_COOKIE_VARS=

Best regards,

Joao Gouveia aka Tharbad.

Current thread:

Re: Security problems with TWIG webmail system Glover, Mike (Dec 01)
- <Possible follow-ups>
- Re: Security problems with TWIG webmail system João Gouveia (Dec 01)
- Re: Security problems with TWIG webmail system Shaun Clowes (Dec 01)
  - Re: Security problems with TWIG webmail system João Gouveia (Dec 01)
- Re: Security problems with TWIG webmail system Shaun Clowes (Dec 02)
  - Re: Security problems with TWIG webmail system Rasmus Lerdorf (Dec 02)