Vulnerability Development mailing list archives

Re: Guestbook perl script (error fix)

From: matt () TELEPATH COM (Matt Carothers)
Date: Fri, 8 Oct 1999 09:57:46 -0500


On Mon, 4 Oct 1999, Blue Boar wrote:

During my testing of the exploit, I've found that all of these work:

<!--#exec cmd="cat /etc/group"-->
<!--#exec cmd="cat /etc/group">
<!--#exec cmd="cat /etc/group"

This works even in the middle of a line of HTML code!

[...]

Can anyone else verify that their web server behaves similarly, and that I
haven't configured or compiled something funny?  I haven't had time to dig
into the Apache code yet.


Yeah, that's normal behavior.  If mod_include sees a "<!--#", it processes
the directive.  After it's done with the directive, it looks for "-->" and
logs a "premature EOF" error if it doesn't find it.

I suggest that folks look for lines that have <!-- in them, and dump the
whole line for safety's sake, when writing such scripts.  In my brief
testing, the entire <!-- prefix seemed necessary.


The entire "<!--#" has to be there to trigger a directive handler.  Removing
all occurances of "<!--#" from the input is sufficient to neuter all
server-side includes.

$value =~ s/<!--#//g;

- Matt

Current thread:

Re: Guestbook perl script (error fix) Blue Boar (Oct 04)
- Re: Guestbook perl script (error fix) Matt Carothers (Oct 08)
  - Newbie in Jeopardy Me Uh, K. (Oct 06)
    - Re: Newbie in Jeopardy Nimrod Vered (Oct 09)
  - Re: Guestbook perl script (error fix) Erik Parker (Oct 08)
  - SSH and X11 forwarding Rob Quinn (Oct 08)
  - fbsd 3.3 ospf_monitor research Brock Tellier (Oct 08)
    - Re: fbsd 3.3 ospf_monitor research Jeff Bachtel (Oct 10)
    - Re: fbsd 3.3 ospf_monitor research Andrew Reiter (Oct 11)
    - restoretextmode problems robert (Oct 11)
  - NT SysKey should be breakable Mikael Olsson (Oct 08)
    - Re: NT SysKey should be breakable Mikael Olsson (Oct 09)

(Thread continues...)