Vulnerability Development mailing list archives
Re: Guestbook perl script (error fix)
From: matt () TELEPATH COM (Matt Carothers)
Date: Fri, 8 Oct 1999 09:57:46 -0500
On Mon, 4 Oct 1999, Blue Boar wrote:
During my testing of the exploit, I've found that all of these work: <!--#exec cmd="cat /etc/group"--> <!--#exec cmd="cat /etc/group"> <!--#exec cmd="cat /etc/group" This works even in the middle of a line of HTML code!
[...]
Can anyone else verify that their web server behaves similarly, and that I haven't configured or compiled something funny? I haven't had time to dig into the Apache code yet.
Yeah, that's normal behavior. If mod_include sees a "<!--#", it processes the directive. After it's done with the directive, it looks for "-->" and logs a "premature EOF" error if it doesn't find it.
I suggest that folks look for lines that have <!-- in them, and dump the whole line for safety's sake, when writing such scripts. In my brief testing, the entire <!-- prefix seemed necessary.
The entire "<!--#" has to be there to trigger a directive handler. Removing all occurances of "<!--#" from the input is sufficient to neuter all server-side includes. $value =~ s/<!--#//g; - Matt
Current thread:
- Re: Guestbook perl script (error fix) Blue Boar (Oct 04)
- Re: Guestbook perl script (error fix) Matt Carothers (Oct 08)
- Newbie in Jeopardy Me Uh, K. (Oct 06)
- Re: Newbie in Jeopardy Nimrod Vered (Oct 09)
- Re: Guestbook perl script (error fix) Erik Parker (Oct 08)
- SSH and X11 forwarding Rob Quinn (Oct 08)
- fbsd 3.3 ospf_monitor research Brock Tellier (Oct 08)
- Re: fbsd 3.3 ospf_monitor research Jeff Bachtel (Oct 10)
- Re: fbsd 3.3 ospf_monitor research Andrew Reiter (Oct 11)
- restoretextmode problems robert (Oct 11)
- Newbie in Jeopardy Me Uh, K. (Oct 06)
- NT SysKey should be breakable Mikael Olsson (Oct 08)
- Re: NT SysKey should be breakable Mikael Olsson (Oct 09)
- Re: Guestbook perl script (error fix) Matt Carothers (Oct 08)