Bugtraq mailing list archives
Re: Vulnrability in test-cgi...
From: im14u2c () cegt201 bradley edu (Joe Zbiciak)
Date: Mon, 2 Dec 1996 20:43:15 -0600
And then Jesus Altuve went and said something like this: | |Safe??? there's a way to inventory the files on a server using the TEST-CGI |program! (on certain setups) here's the advisory L0pth released on April.. [...] |On many web sites there exists a file called test-cgi (usually in |the cgi-bin directory or somewhere similar). There is a problem |with many of these test-cgi files. If your test-cgi file contains |the following line (verbatim) then you are probably vulnerable. | |echo QUERY_STRING = $QUERY_STRING | |All of these lines should have the variables enclosed in loose |quotes ("). Without these quotes certain special characters |(specifically '*') get expanded where they shouldn't. Perhaps a better fix is to disable "globbing" altogether, unless it's absolutely required. Under bourne-derived shells, this is done with set -f Indeed, this closes up the hole for all of the non-quoted strings. An even better fix: remove test-cgi. :-) Of course, that doesn't work for the cases when you do use a shell script for some trivial web task. Disabling shell globbing, except as-needed, is a good measure in general for CGI scripts. --Joe -- :======= Joe Zbiciak =======: :- - im14u2c () bradley edu - -: "Puritanism is the haunting fear that : - - - - - http: - - - - - : someone, somewhere, might be happy." ://ee1.bradley.edu/~im14u2c/: --H. L. Mencken :======= DISCLAIMER: =======: :== You mean you actually ==: :== listen to this stuff? ==: (655:834 6:15)
Current thread:
- Vulnrability in test-cgi... Apropos of Nothing (Nov 30)
- denial of service attack on login NuNO (Dec 01)
- Re: Vulnrability in test-cgi... Roger Espel Llima (Dec 01)
- Little feature/bug in RedHat Linux Antti Andreimann (Dec 01)
- Users can modify routing in AIX 4.1 Dave Roberts (Dec 02)
- Re: Users can modify routing in AIX 4.1 Troy Bollinger (Dec 02)
- <Possible follow-ups>
- Re: Vulnrability in test-cgi... Jesus Altuve (Dec 02)
- Re: Vulnrability in test-cgi... Joe Zbiciak (Dec 02)
- /bin/ksh sparc code Kichang Yang (Dec 03)
- AltaVista Firewall for UNIX Sarah Keating (Dec 03)