Penetration Testing mailing list archives

Python CGI interpreter phys.path vuln on Win32 ?


From: Kristian Franzen <kristian.franzen () trs mine nu>
Date: 12 Oct 2001 09:43:05 -0000

Mailer: SecurityFocus

All,

I'm currently pen-testing a client's web application running on IIS 4 & 5. They have implemented the logic in their website using CGI scripts written in Python.

When addressing a non-existent CGI script in the /cgi-bin folder (or other executable folders that contain CGIs) the webserver reveals the physical path of both the Python interpreter as well as the non-existent cgi-script.

The output looks somewhat like:

<c:\program files\python\python.exe: can't open file 'c:\inetpub\wwwroot\cgi-bin\fakefile.cgi'>

Has anyone experienced this, and has anyone figured out which versions of the Python interpreter are vulnerable to this?

In addition, with some playing around with other characters in the URL preceding the fake cgi, like /cgi-bin/""test&20fakefile.cgi, the resulting output turns into:

<c:\program files\python\python.exe: can't open file 'c:\inetpub\wwwroot\cgi-bin\test'>

Interesting... (could this be exploited further, to have the interpreter execute other stuff?)

I've harvested various newsgroups for references to these issues, though without success.

Any help or input greatly appreciated.

Cheers,

Kristian
kristian.franzen () trs mine nu
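
An added example, not part of the original post: a small checker that scans response bodies captured from your own site for the interpreter error format quoted above and redacts it. The function names, the replacement text and the third sample response are assumptions made for illustration; the first two sample bodies are constructed from the output shown in the message.

```python
import re

# Error format quoted in the post: <interpreter>.exe: can't open file '<script>'
# \s+ between words tolerates line wrapping inside the error text.
LEAK_RE = re.compile(
    r"(?P<interp>[A-Za-z]:\\[^:'<>\r\n]*?\.exe)"
    r":\s+can't\s+open\s+file\s+'(?P<script>[^'\r\n]+)'",
    re.IGNORECASE,
)

def find_path_leaks(body):
    """Return (interpreter_path, script_path) pairs disclosed in one body."""
    return [(m.group("interp"), m.group("script")) for m in LEAK_RE.finditer(body)]

def audit(responses):
    """Scan (url, body) pairs captured from your own site; list every leak."""
    return [
        {"url": url, "interpreter": interp, "script": script}
        for url, body in responses
        for interp, script in find_path_leaks(body)
    ]

def redact(body, replacement="CGI script not found"):
    """Replace the leaking error text (hypothetical output filter or fixture)."""
    return LEAK_RE.sub(replacement, body)

# Constructed samples: the first two bodies mirror the output quoted in the
# post; the third is a constructed custom error page that leaks nothing.
SAMPLE_RESPONSES = [
    ("/cgi-bin/fakefile.cgi",
     "<c:\\program files\\python\\python.exe: can't open\n"
     "file 'c:\\inetpub\\wwwroot\\cgi-bin\\fakefile.cgi'>"),
    ('/cgi-bin/""test&20fakefile.cgi',
     "<c:\\program files\\python\\python.exe: can't open\n"
     "file 'c:\\inetpub\\wwwroot\\cgi-bin\\test'>"),
    ("/cgi-bin/missing.cgi", "<h1>404</h1><p>The page was not found.</p>"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSES):
        print(finding["url"], "discloses", finding["interpreter"],
              "and", finding["script"])
```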
