Vulnerability Development mailing list archives
Serious Hole in Comment/Discussion CGI Script
From: Barry Russell <bjz11600 () PRODIGY NET>
Date: Thu, 26 Oct 2000 08:21:53 -0400
I found a sample Comment/Discussion Script that lets visitors visit a person's site and leave a quick comment. The comments are shown through a CGI Script, and the script opens the file that has the comments. I looked at the script and saw that it allows you to read other txt files (since it uses env query_string to know what file to open). The code is below; I was wondering if there were any other bugs in this. I tried opening other files with it but with no luck. Tried the null byte trick also. Any other things wrong with this?

#--Code--
#!/usr/bin/perl
print "Content-type: text/html\n\n";
($article,$count)=split(/\&/, $ENV{QUERY_STRING});
open(FILE, "commentdata/$article.txt");
@lines=<FILE>;
close FILE;
chomp @lines;
@lines=reverse @lines;
foreach $line (@lines) {
    ($comment,$name)=split(/\^/, $line);
    print "<font size=1 face=arial>- $comment<Br>";
    $num++;
    last if $num==$count;
}

So far I was only able to read other text files; any suggestions are appreciated.
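A hardened rewrite of the script in the message above, as an added example that is not part of the original post or the script's own code: it allow-lists the article name so the value from QUERY_STRING cannot change which directory is read, bounds the count, and HTML-escapes each comment before printing. The function names (`parse_query`, `html_escape`, `render`), the default count of 10 and the length limits are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: split "article&count" and accept only values that
# cannot alter the path built from them.
sub parse_query {
    my ($qs) = @_;
    my ($article, $count) = split /&/, $qs // '', 2;
    # Allow-list: letters, digits, underscore, hyphen. This rejects "/",
    # ".", "%" and NUL bytes, so the name can only select a file that
    # sits directly inside the comment directory.
    return unless defined $article && $article =~ /\A[A-Za-z0-9_-]{1,64}\z/;
    # Count must be a small positive integer (default 10 is an assumption).
    $count = 10 unless defined $count && length $count;
    return unless $count =~ /\A[0-9]{1,3}\z/ && $count > 0;
    return ($article, $count);
}

# Escape the HTML-significant characters in visitor-supplied text.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Returns the HTML body, or undef when the query string is rejected.
sub render {
    my ($qs, $dir) = @_;
    my ($article, $count) = parse_query($qs) or return;
    # Three-argument open: the path is never parsed for mode characters.
    open(my $fh, '<', "$dir/$article.txt") or return '';
    chomp(my @lines = <$fh>);
    close $fh;
    my ($out, $num) = ('', 0);
    foreach my $line (reverse @lines) {
        my ($comment, $name) = split /\^/, $line;
        $out .= '<font size=1 face=arial>- ' . html_escape($comment // '') . "<br>\n";
        last if ++$num == $count;
    }
    return $out;
}

my $body = render($ENV{QUERY_STRING}, 'commentdata');
print defined $body
    ? "Content-type: text/html\n\n$body"
    : "Status: 400 Bad Request\nContent-type: text/plain\n\nBad request\n";
```

Run from a shell with `QUERY_STRING` set (or unset) to see the accepted and rejected paths; a missing comment file yields an empty page rather than an error.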