Bugtraq mailing list archives
Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2)
From: jogata () NODC NOAA GOV (Jefferson Ogata)
Date: Mon, 8 Nov 1999 12:30:11 -0500
Ben Laurie wrote:
[Snippage has occurred] Blue Boar wrote:The format of the SSI command entered is as follows: <!--#exec cmd="cat /etc/group" You should place this command (or other desired command) somewhere in the comments. The format of the command is part of the problem, and why I'm thinking there may be some sloppiness in Apache. It appears that there is an assumption that SSI commands tend to be on lines by themselves, and are of the format: <!--# (SSI command) --> In my testing with the most recent Apache at the time (1.3.9) I found it took any of the following: <!--#exec cmd="cat /etc/group"--> <!--#exec cmd="cat /etc/group"> <!--#exec cmd="cat /etc/group" It also didn't seem to matter that it was in the middle of a line of HTML. I'm actually a bit more worried about how many other scripts make this assumption, and how long Apache has been making that be a bad assumption.Apache doesn't make a bad assumption. If you don't want SSIs executing stuff, you shouldn't enable it. Cheers, Ben.
Or you should enable it using the IncludesNOEXEC option rather than the simple Includes option. -- Jefferson Ogata <jogata () nodc noaa gov> National Oceanographic Data Center You can't step into the same river twice. -- Herakleitos
Current thread:
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2), (continued)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Stephen White (Nov 06)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Steven Champeon (Nov 07)
- Patch for VirusWall 3.23. dark spyrit (Nov 07)
- Netscape Web Publisher Tim Jones (Nov 06)
- Re: Netscape Web Publisher Mnemonix (Nov 07)
- Re: Netscape Web Publisher nblasgen () NICK REFRACT COM (Nov 07)
- vwxploit.c unix port Sebastian (Nov 08)
- Windows NT Spooler Service. Avri Schneider (Nov 07)
- [w00giving '99 #2] IMAIL POP server Shok (Nov 07)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Blue Boar (Nov 07)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Jefferson Ogata (Nov 08)
- MS Outlook alert : Cuartango Active Setup Elias Levy (Nov 08)
- BigIP - bigconf.cgi holes Guy Cohen (Jun 13)
- Re: MS Outlook alert : Cuartango Active Setup David LeBlanc (Nov 08)
- Re: MS Outlook alert : Cuartango Active Setup - Workaround Instructions Mark (Nov 08)
- Insecure handling of NetSol maintainer passwords jlewis () LEWIS ORG (Nov 08)
- flaw in dmesg under Solaris echo8 (Nov 09)
- Re: Insecure handling of NetSol maintainer passwords Jefferson Ogata (Nov 09)
- Re: Insecure handling of NetSol maintainer passwords pedward () WEBCOM COM (Nov 10)
- Re: Insecure handling of NetSol maintainer passwords Trevor Schroeder (Nov 10)
- networksolutions CRYPT-PW salt (was: Re: Insecure handling of NetSol maintainer passwords) Jefferson Ogata (Nov 10)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Stephen White (Nov 06)