Penetration Testing mailing list archives
Python CGI interpreter phys.path vuln on Win32 ?
From: Kristian Franzen <kristian.franzen () trs mine nu>
Date: 12 Oct 2001 09:43:05 -0000
Mailer: SecurityFocus All, I'm currently pen-testing a clients web-application running on IIS 4 & 5. They have implemented the logic in their website using CGI scripts written in Python. When addressing a non-existent CGI script in the /cgi- bin folder (or other executable folders that contain CGI's) the webserver reveals the physical path of both the Python interpreter as well as the non- existent cgi-script. The output looks somewhat like: <c:\program files\python\python.exe: can't open file 'c:\inetpub\wwwroot\cgi-bin\fakefile.cgi'> Has anyone experienced this,and has anyone figured out which versions of the Python interpreter that are vulnerable to this ? In addition, with some playing around with other characters in the URL preceeding the fake cgi, like /cgi-bin/""test&20fakefile.cgi, the resulting output turns: <c:\program files\python\python.exe: can't open file 'c:\inetpub\wwwroot\cgi-bin\test'> Interesting... (could this be exploited furhter, to have the interpreter execute other stuff ?) I've harvetsted various newsgroups for references to these issues, though without success. Any help or input greately appreciated. Cheers, Kristian kristian.franzen () trs mine nu ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Python CGI interpreter phys.path vuln on Win32 ? Kristian Franzen (Oct 12)
- Re: Python CGI interpreter phys.path vuln on Win32 ? Joerg Over (Oct 12)
- Re: Python CGI interpreter phys.path vuln on Win32 ? Marco van Zanten (Oct 24)