WebApp Sec mailing list archives
Re: htaccess with apache
From: Tim Greer <chatmaster () charter net>
Date: 04 Nov 2003 12:19:33 -0800
On Tue, 2003-11-04 at 11:38, A.D.Douma wrote:
Hello, I had a similair problem with a cgi script that used a <input type='hidden' name='success' value=succes.'html'> to point the clients browser to the "transaction complete page". Because of this an attacker could read every file on the webserver. Luckily the /etc/passwd file was shadowed. My question is what else could an attacker do? Would command execution be possible? Thanks
Command execution is unlikely, but other vulnerabilities may exist in your script. Sometimes read access is all an attacker needs. Ultimately, if the script isn't checking the file type, the path, or having more secure checking going on, you shouldn't use it until or unless it's remedied or replaced. To protect a script from these type of things is very simple, with little knowledge--otherwise try the services of a qualified programmer to assist you. -- Tim Greer <chatmaster () charter net>
Current thread:
- htaccess with apache Hans Mueller (Nov 04)
- Re: htaccess with apache David Precious (Nov 04)
- Re: htaccess with apache Graham Lally (Nov 04)
- Re: htaccess with apache Tim Greer (Nov 04)
- Re: htaccess with apache A.D.Douma (Nov 04)
- Re: htaccess with apache Tim Greer (Nov 04)
- Re: htaccess with apache Sverre H. Huseby (Nov 04)
- Re: htaccess with apache Tim Tompkins (Nov 04)
- Re: htaccess with apache Lucas Holt (Nov 04)
- Re: htaccess with apache A.D.Douma (Nov 05)
- Re: htaccess with apache Tim Greer (Nov 04)
- Re: htaccess with apache Graham Lally (Nov 04)
- Re: htaccess with apache Tim Greer (Nov 04)
- Re: htaccess with apache António Vasconcelos (Nov 05)
- Re: htaccess with apache Tim Greer (Nov 05)
- Re: htaccess with apache António Vasconcelos (Nov 06)
- Re: htaccess with apache Tim Greer (Nov 06)