Vulnerability Development mailing list archives

Re: CGI source being exposed using


From: labu () RUMAH NET (Labu Labi)
Date: Tue, 9 May 2000 05:58:15 -0000


Hi all :-) 
Just for historical purposes. 
This problem has actually been addressed by Simple Nomad in 
his excellent The Unofficial Web Hack FAQ under section 07
http://www.nmrc.org/faqs/www/wsec07.html

"One vulnerability that I haven't mentioned is looking for 
files in /cgi-bin/ with a ~ on the end. If the administrator 
was editing change-your-password.pl with a package like 
emacs in the /cgi-bin/, there might be a 
change-your-password.pl~ backup file that the editor has 
created. You may be able to find holes in this code if you 
can read it, instead of simply guessing." 

Yup, this is really a problem and sometimes you might be 
surprised at what you can get using this ~ thingy. 

--labu 

I have searched SecurityFocus and bugtraq archives to see if 
this is a known issue, but did not turn up anything. So, I 
will post my questions here.
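
An added example, not part of the original post or the FAQ it quotes: a local audit an administrator can run over a web root to find the editor backup files described above. It goes slightly beyond the post by also matching Emacs numbered backups (`name.~N~`); the function names and the sample tree are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# "script.pl~" (simple backup) or "script.pl.~3~" (Emacs numbered backup)
BACKUP_RE = re.compile(r"^(?P<orig>.+?)(?:\.~\d+~|~)$")

def find_backup_files(root):
    """Walk root and report regular files that look like editor backups."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        present = set(files)
        for name in files:
            m = BACKUP_RE.match(name)
            if not m:
                continue
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            if not stat.S_ISREG(mode):
                continue  # skip symlinks, sockets, etc.
            findings.append({
                "path": os.path.relpath(full, root),
                "script_present": m.group("orig") in present,
                "world_readable": bool(mode & stat.S_IROTH),
            })
    return sorted(findings, key=lambda f: f["path"])

def build_sample_tree():
    """Constructed sample docroot (not from the post) for demonstration."""
    root = tempfile.mkdtemp(prefix="docroot-")
    cgi = os.path.join(root, "cgi-bin")
    os.mkdir(cgi)
    layout = {
        "change-your-password.pl": 0o755,
        "change-your-password.pl~": 0o644,   # backup left by the editor
        "login.cgi.~2~": 0o600,              # numbered backup, not world-readable
        "search.pl": 0o755,                  # clean script, no backup
    }
    for name, mode in layout.items():
        path = os.path.join(cgi, name)
        with open(path, "w") as fh:
            fh.write("#!/usr/bin/perl\n")
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    for f in find_backup_files(build_sample_tree()):
        print(f)
```

Findings with `world_readable` set are the ones to remove first; keeping editor backups outside the served tree avoids the problem altogether.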

