Vulnerability Development mailing list archives
Re: CGI insecurities
From: taylord () INFOSECURE COM AU (David Taylor)
Date: Mon, 24 Jan 2000 14:24:01 +0800
On Mon, 24 Jan 2000, hypoclear - lUSt - (Linux Users Strike Today) wrote:
> I have a question about CGI insecurities. Let's suppose this... You're looking at a site with some CGI forms that do a couple of neato things, and most likely there is a vulnerability in these scripts. How would one go about exploiting these scripts? (I'm not talking about pumping 1000 A's into it, till it crashes. ;-) Do you need the source code for the script? Is there any way to retrieve the code of the working script on the site? I'm posting to vuln-dev because I believe that it will help aid in the exploiting of CGI scripts... of course I could be wrong.
The source code for the CGI application will certainly help you find vulnerabilities within it. A properly configured web server will not allow you to retrieve the source code. However, not all web servers are properly configured, right? Look through the Bugtraq archive for the ::$DATA vulnerability in IIS. Also, if you have local unprivileged access to the web server you might have read perms on the CGI source. Another thing to keep in mind is that a lot of commonly used CGIs are free and can be downloaded from the web, or from the web server vendor. Failing this, you have to start making educated guesses about the logic behind the CGI, and how it could be exploited. (This is the bit where 1000 A's becomes appropriate).

Dave Taylor
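
An administrator's check for the local read-permission exposure mentioned in the reply above, as an added example that is not part of the original post. It also flags leftover backup copies of scripts, which goes beyond the text; the backup suffix list, the function names and the sample directory contents are assumptions.

```shell
#!/bin/sh
# Added example: audit a CGI directory for files that expose script source
# to local unprivileged accounts. Suffix list and sample files are assumptions.

# audit_cgi_dir DIR
# Prints one "FINDING<TAB>path" line per problem, sorted.
# Returns 0 if clean, 1 if anything was found, 2 on a bad argument.
audit_cgi_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # WORLD_READABLE: the "other" read bit is set, so any local account can
    # read the source. Scripts only need to be readable by the server account.
    # BACKUP_COPY: editor or manual backups kept next to the live script.
    report=$(
        find "$dir" -type f -perm -004 \
            -exec printf 'WORLD_READABLE\t%s\n' {} \;
        find "$dir" -type f \
            \( -name '*~' -o -name '*.bak' -o -name '*.orig' -o -name '*.old' \) \
            -exec printf 'BACKUP_COPY\t%s\n' {} \;
    )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report" | sort
    return 1
}

# demo: build a constructed cgi-bin in a temp directory and audit it.
demo() {
    tmp=$(mktemp -d) || return 2
    printf '#!/usr/bin/perl\n' > "$tmp/form.pl"
    printf '#!/usr/bin/perl\n' > "$tmp/search.pl"
    printf '#!/usr/bin/perl\n' > "$tmp/form.pl.bak"
    chmod 750 "$tmp/form.pl"       # owner and group only: not reported
    chmod 755 "$tmp/search.pl"     # readable by everyone: reported
    chmod 640 "$tmp/form.pl.bak"   # stale copy of the source: reported
    audit_cgi_dir "$tmp"
    status=$?
    rm -rf "$tmp"
    return "$status"
}

case "${1:-}" in
    --demo) demo ;;
    "")     : ;;
    *)      audit_cgi_dir "$1" ;;
esac
```

Run it with a directory path as the only argument, or with --demo to see the report for the constructed sample files.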