Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

SSI Injection Question

From: Max <max0r () digitalsamurai org>
Date: Fri, 1 Sep 2000 01:58:33 +0000
Please excuse me if this has already been discussed, or I end up
sounding really stupid.

Imagine you had a CGI script (i.e search engine), that would return
input entered by the user to some sort of result page, for example,
"no matches for pretzel". Now, imagine again that this result had an
extention that was listed to be run over by the SSI interperator.

What would happen if you passed a string like "<!--#include
virtual="/etc/password"-->"?

When the string was printed to a result page would it then by parsed by
the SSI interperator?

The only reason I ask is because its not uncommon for sites to set
"AddType server-parsed .html", for the sake of having a universal
extention.

Thanks,
Max.

--
[FCS] Yea, We Regulate [FCS]
Previous By Date Next
Previous By Thread Next

Current thread: