Re: CGI security

[ivo () KOPJE KOFFIE NU (Ivo van der Wijk)]

On Sun, Sep 12, 1999 at 09:57:35AM -0500, Kerb wrote:
> I just read most of the Phrack article about CGI security, and it made me
> wonder about another possible exploit.
> You'll have to correct me if I am wrong, as I am not real familiar with C, but
> would it be possible to throw an EOF
> character into a string?  Maybe a query string?  Now that doesnt sound all that
> great as is, but if you think about it,
> URL's are logged into the web logs, and a lot of administrators either have a
> program or just grep the access_log for
> attempts to exploit CGI vulnerabilities (scanners, etc).  Now this is where it
> gets good.  Would it be possible to
> tack an EOF file into a query string on a normal request, even for a static
> page (/index.html?EOF), then follow up
> with an exploit?  That way, if it works as I think it might, then when the log
> file is checked, it finds that EOF character
> and stops there, thinking it is the end of the file.  That would effectively
> cover your tracks.  As a CGI programmer,
> I'd appreciate any feedback.

EOF characters don't exist (at least not on Un*x) - a file ends when all of its
bytes have been read.

        Ivo