Bugtraq mailing list archives
Re: CGI security
From: buanzox () USA NET (Arturo Busleiman)
Date: Wed, 15 Sep 1999 00:13:11 -0300
> But there is an EOL character ('\0'). If you use something like "/index.html?%00xxxxxxxxxxxxxxxxx", xxxxxxxxxxxxxxxxx probably will not appear in any logs at all.
so, if I telnet localhost 80:

Trying 127.0.0.1
Connected to localhost
Escape character is '^]'.
GET /index.html?%00blabla

OK, I get index.html..... but....

# tail /var/log/messages/httpd.access_log
localhost - - [15/Sep/1999:00:09:30 -0300] "GET /usa.html?%00blabla" 200 8944

it does appear. did I miss something, or were our assumptions erroneous?
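Added example, not part of the original post or of any web server's code: a C sketch of why the two posters can see different results. The access log above holds the undecoded text ("%00blabla"); truncation only happens when a logger writes a percent-decoded copy and treats it as a C string. The function names and the escaping format are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Percent-decode src into dst (dst must hold strlen(src)+1 bytes).
   Returns the decoded length, which may span embedded NUL bytes. */
size_t url_decode(const char *src, char *dst) {
    size_t n = 0;
    while (*src) {
        if (src[0] == '%' && isxdigit((unsigned char)src[1])
                          && isxdigit((unsigned char)src[2])) {
            char hex[3] = { src[1], src[2], '\0' };
            dst[n++] = (char)strtol(hex, NULL, 16);
            src += 3;
        } else {
            dst[n++] = *src++;
        }
    }
    dst[n] = '\0';
    return n;
}

/* Hypothetical logger A: "%s" stops at the first NUL, so the entry is cut
   short. Returns the number of bytes that reach the log. */
size_t log_decoded_as_cstring(const char *buf, char *out, size_t outsz) {
    return (size_t)snprintf(out, outsz, "%s", buf);
}

/* Hypothetical logger B: length-aware, writes non-printable bytes as \xNN. */
size_t log_decoded_escaped(const char *buf, size_t len, char *out, size_t outsz) {
    size_t o = 0;
    for (size_t i = 0; i < len && o + 5 < outsz; i++) {
        unsigned char c = (unsigned char)buf[i];
        if (isprint(c) && c != '\\')
            out[o++] = (char)c;
        else
            o += (size_t)snprintf(out + o, outsz - o, "\\x%02x", c);
    }
    out[o] = '\0';
    return o;
}

int main(void) {
    char dec[64], a[64], b[128];
    size_t len = url_decode("/index.html?%00blabla", dec); /* path from the post */
    log_decoded_as_cstring(dec, a, sizeof a);
    log_decoded_escaped(dec, len, b, sizeof b);
    printf("as C string: %s\nescaped    : %s\n", a, b);
    return 0;
}
```

Logger A records only "/index.html?", while logger B keeps the full decoded request with the NUL made visible.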