Vulnerability Development mailing list archives
Re: CGI source being exposed using
From: labu () RUMAH NET (Labu Labi)
Date: Tue, 9 May 2000 05:58:15 -0000
Hi all :-)

Just for historical purposes. This problem has actually been addressed by Simple Nomad in his excellent The Unofficial Web Hack FAQ under section 07:

http://www.nmrc.org/faqs/www/wsec07.html

"One vulnerability that I haven't mentioned is looking for files in /cgi-bin/ with a ~ on the end. If the administrator was editing change-your-password.pl with a package like emacs in the /cgi-bin/, there might be a change-your-password.pl~ backup file that the editor has created. You may be able to find holes in this code if you can read it, instead of simply guessing."

Yup, this is really a problem, and sometimes you might be surprised at what you can get using this ~ thingy.

--labu

I have searched SecurityFocus and bugtraq archives to see if this is a known issue, but did not turn up anything. So, I will post my questions here.
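A defender-side check for the problem discussed in this message, as an added example that is not part of the original post: it walks a web tree on the local filesystem and lists editor backup files such as change-your-password.pl~ so they can be removed before they are served. The suffix list, the function names and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Suffixes editors commonly leave behind (assumed list; extend for your tools).
BACKUP_SUFFIXES = ("~", ".bak", ".orig", ".old", ".swp", ".save")


def is_editor_backup(name):
    """True for names like script.pl~, script.pl.bak, #script.pl# or .script.pl.swp."""
    if len(name) > 2 and name.startswith("#") and name.endswith("#"):
        return True  # emacs auto-save file
    return name.endswith(BACKUP_SUFFIXES)


def find_backup_files(root):
    """Walk root and return sorted (path, world_readable) pairs for backup files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not is_editor_backup(name):
                continue
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            # World-readable backups are the ones a web server user can serve.
            findings.append((path, bool(mode & stat.S_IROTH)))
    return sorted(findings)


def demo():
    """Build a constructed cgi-bin tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        cgi = os.path.join(root, "cgi-bin")
        os.mkdir(cgi)
        for name in ("change-your-password.pl", "change-your-password.pl~",
                     "#search.cgi#", "index.cgi"):
            path = os.path.join(cgi, name)
            with open(path, "w") as fh:
                fh.write("#!/usr/bin/perl\n")
            os.chmod(path, 0o644)
        return [(os.path.relpath(p, root), readable)
                for p, readable in find_backup_files(root)]


if __name__ == "__main__":
    for rel, readable in demo():
        print("backup file in web tree:", rel, "(world-readable)" if readable else "")
```

Running it from cron against the real document root, together with a server rule that refuses to serve these suffixes, covers both the cleanup and the exposure.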