Vulnerability Development mailing list archives
Re: CGI source being exposed using "~"
From: 11a () GMX NET (Bluefish)
Date: Wed, 10 May 2000 00:50:13 +0200
Nathan if the CGIs in that directory are owned by "root", then being able to
It would be the first case I ever heard of someone using root for webmastering, but I suppose there's all kinds of stupidity ;)
Had they bothered to set a good umask in their start-up scripts, like 'umask 066', then the existence of those backup files would not be a real problem.
How about looking into proxy logs etc.? It seems fairly possible that these vulnerabilities could have been uncovered and exploited without the existence of these backup files? CGI is a pain in the neck to make even semi-secure ;-)

..:::::::::::::::::::::::::::::::::::::::::::::::::..
http://www.11a.nu || http://bluefish.11a.nu
eleventh alliance development & security team
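
Added example, not part of the original message: a shell audit for the umask point made above, listing editor backup copies in a CGI directory that group or other can read, plus a scratch-directory demonstration of how the umask changes the mode of such a copy. The function names and the suffix list are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Lists backup copies of scripts that
# group or other can read, i.e. copies a web server running under a
# different account could hand out as plain text.
# Assumption: the suffixes below cover the editors in use on the host.

find_readable_backups() {
    # $1 = directory to audit, e.g. a site's cgi-bin
    find "$1" -type f \
        \( -name '*~' -o -name '*.bak' -o -name '*.orig' \
           -o -name '*.old' -o -name '.*.swp' \) \
        \( -perm -040 -o -perm -004 \) -print | sort
}

demo_umask() {
    # $1 = umask to test. Creates a script and a "~" copy in a scratch
    # directory under that umask, then prints how many backup copies
    # ended up readable by group or other.
    dir=$(mktemp -d) || return 1
    (
        umask "$1"
        printf '#!/bin/sh\necho constructed sample\n' > "$dir/form.cgi"
        cp "$dir/form.cgi" "$dir/form.cgi~"   # what an editor leaves behind
    )
    find_readable_backups "$dir" | wc -l | tr -d ' '
    rm -rf "$dir"
}

# Stand-alone use: pass the directory to audit as the first argument.
if [ $# -gt 0 ]; then
    find_readable_backups "$1"
fi
```

With a umask of 022 the copy is created mode 0644 and is reported; with 066 it is created mode 0600 and is not.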