Vulnerability Development mailing list archives
Re: CGI source being exposed using "~"
From: petek () BSOD NET (Pete Krawczyk)
Date: Sun, 7 May 2000 21:00:13 -0500
Date: Sun, 7 May 2000 15:02:21 -0400
From: Nathan Einwechter <compsecure () softhome net>
Subject: CGI source being exposed using "~"

}This problem allows anyone to view and download the source for any of
}the CGI scripts on their site. All that I did, was put a tilde "~" at the
}end of the url to the cgi, and it popped up with the CGI source code, and
}some images etc, which the code references to within. None of it is
}formatted when you first view it. However, if you just view the source of
}the page, right there in front of you, is the entire source code for the
}Perl CGI script.

Emacs will often save older backup copies of files with a ~ at the end of
the file. Therefore, what you are seeing are copies of the original
script that someone was editing with Emacs. I don't use Emacs, so I
couldn't tell you how to not do that, but that's not the fault of Apache.

I tried it on a few servers that had Apache 1.3.9/mod_perl 0.21 (according
to Netcraft) and the condition you described doesn't exist. You may want
to tell your ISP to delete the backup files, then.

-Pete K
--
Pete Krawczyk
  petek at bsod dot net or pkrawczy at uiuc dot edu
  http://www.uiuc.edu/ph/www/pkrawczy/
  Finger pkrawczy at uiuc dot edu for PGP public key
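
Added example, not part of the message above or of the list archive: a small audit that walks a web root and lists editor copies of the kind the reply describes, so they can be deleted before they are served. It goes beyond the trailing "~" case to cover Emacs numbered backups (name.~N~) and auto-save files (#name#); the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Emacs naming conventions: "name~" (simple backup), "name.~N~" (numbered
# backup) and "#name#" (auto-save file). Numbered is tested first because
# such names also end in "~".
BACKUP_PATTERNS = [
    (re.compile(r"^(?P<orig>.+)\.~\d+~$"), "numbered backup"),
    (re.compile(r"^(?P<orig>.+)~$"), "backup"),
    (re.compile(r"^#(?P<orig>.+)#$"), "auto-save"),
]

def classify(filename):
    """Return (original_name, kind) for an editor copy, else None."""
    for pattern, kind in BACKUP_PATTERNS:
        match = pattern.match(filename)
        if match:
            return match.group("orig"), kind
    return None

def find_backup_copies(docroot):
    """List (relative_path, kind, original_still_present) under docroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        present = set(files)
        for name in files:
            hit = classify(name)
            if hit:
                orig, kind = hit
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                findings.append((rel, kind, orig in present))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample web root: one live script plus stray editor copies."""
    cgi = os.path.join(root, "cgi-bin")
    os.makedirs(cgi)
    for name in ("search.cgi", "search.cgi~", "form.pl.~2~",
                 "#guestbook.pl#", "index.html"):
        with open(os.path.join(cgi, name), "w") as fh:
            fh.write("#!/usr/bin/perl\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, kind, has_orig in find_backup_copies(build_sample_tree(tmp)):
            print(f"{rel}\t{kind}\toriginal present: {has_orig}")
```

Copies whose original is gone are reported too, since a leftover search.cgi~ exposes the same source whether or not search.cgi is still deployed.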
Current thread:
- CGI source being exposed using "~" Nathan Einwechter (May 07)
- Re: CGI source being exposed using "~" Jonathan Williams (May 07)
- Re: CGI source being exposed using "~" Brian Hatch (May 07)
- Re: CGI source being exposed using "~" Richard Stevenson (May 07)
- Re: CGI source being exposed using "~" Pete Krawczyk (May 07)
- Re: CGI source being exposed using "~" phi-vuldev () EXORSUS NET (May 07)
- Re: CGI source being exposed using "~" Andrew Reisse (May 07)
- Re: CGI source being exposed using "~" Pavel Kankovsky (May 09)
- Re: CGI source being exposed using "~" javier (May 07)
- Re: CGI source being exposed using "~" Joe (May 08)
- Re: CGI source being exposed using "~" Bluefish (May 09)
- Re: CGI source being exposed using "~" Arturo Busleiman (May 08)
- Re: CGI source being exposed using "~" Jordan Dimov (May 08)
- Re: CGI source being exposed using "~" Adam Clarke (May 08)
- Re: CGI source being exposed using Labu Labi (May 08)
(Thread continues...)