Vulnerability Development mailing list archives

Re: CGI source being exposed using "~"


From: buanzox () USA NET (Arturo Busleiman)
Date: Mon, 8 May 2000 12:17:22 -0300


On Sun, 7 May 2000, Nathan Einwechter wrote:

> Hello all,

hi nat!

> This is obviously a problem, but why is it occurring? As far as I can
> tell, the server is running on Apache 1.3.9 (linux).

well, I'm running Apache 1.3.9 PHP 3.0.14 (Linux), I tested by using

$ lynx localhost/cgi-bin/test-cgi~

I got a 403/Forbidden response.
Just to check, I listed its permissions and ownership:

-rwxr-xr-x   1 nobody   nogroup       757 Feb 11 18:22 test-cgi*

> PS Please do not stereotype people who are teenagers, and interested
> in security as "Crackers" or "Script Kiddies" as many of us are not.

Motion Seconded! I'm 18 years old, and since 12 that I'm concerned with
security, but as I had always investigated by myself (I first installed
linux 5 years ago and I have previously programmed and read all by myself
) without asking questions, that's why they never mmmmm shut me up.
The administrators of various important Argentinian ISPs and government
sites now qualify me as a white hat hacker, and it makes me really happy.

*> Get PGP KEY: use pgpk -a hkp://horowitz.surfnet.nl/buanzox () usa net
*> Social mailing list. Send a blank e-mail to lsb-subscribe () egroups com
*> Panic? My kernel doesn't panic! We are doomed! DustDustDust!!!!

