WebApp Sec mailing list archives
Re: htaccess with apache
From: Lucas Holt <luke () foolishgames com>
Date: Tue, 4 Nov 2003 16:48:11 -0500
On Nov 4, 2003, at 2:38 PM, A.D.Douma wrote:
> Hello,
>
> I had a similar problem with a CGI script that used a <input type='hidden' name='success' value='succes.html'> to point the client's browser to the "transaction complete page". Because of this an attacker could read every file on the webserver. Luckily the /etc/passwd file was shadowed. My question is: what else could an attacker do? Would command execution be possible?
>
> Thanks

Yes, as the user the webserver is running as. For example, I did an audit at my former employer once. I got into the webserver through a CGI called Mailman (endymion), which is a POP3 mail checker. The template code had a bug. I was able to execute programs and see the results: ps, ls, cat, etc. My boss ran all services as nobody like a moron. Basically I could access most files on the system because he made sure read access was available to all the services "in case they needed them." Sadly, I worked for an ISP.

Lucas Holt
Luke () FoolishGames com
________________________________________________________
FoolishGames.com (Jewel Fan Site)
JustJournal.com (Free blogging)

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
- Albert Einstein (1879-1955)
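
The hidden-field file read described in the quoted message, shown next to a hardened resolver. This is an added example, not code from the original posts: Python is an assumption (the thread does not name the script's language), and the allowlist, the `htdocs` layout and all sample inputs are constructed.

```python
import os
import tempfile

# Assumed allowlist: the only pages this form may send the browser to.
ALLOWED_PAGES = {"succes.html", "failure.html"}


def resolve_vulnerable(doc_root, field_value):
    """'Before' form: the hidden field is used directly as a path."""
    return os.path.normpath(os.path.join(doc_root, field_value))


def resolve_hardened(doc_root, field_value):
    """Return the path to serve, or None when the submitted value is rejected."""
    # 1. Exact-match allowlist: the value is a lookup key, never a path fragment.
    if field_value not in ALLOWED_PAGES:
        return None
    # 2. Defence in depth: with symlinks resolved, the file must stay under doc_root.
    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, field_value))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def escapes(doc_root, path):
    """True when path, with symlinks resolved, lies outside doc_root."""
    root = os.path.realpath(doc_root)
    return os.path.commonpath([root, os.path.realpath(path)]) != root


def demo():
    """Constructed inputs -> (vulnerable resolver leaves doc_root?, hardened accepts?)."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = os.path.realpath(tmp)
        doc_root = os.path.join(tmp, "htdocs")
        os.mkdir(doc_root)
        open(os.path.join(doc_root, "succes.html"), "w").close()
        # failure.html is allowlisted, but here it is a symlink pointing out of doc_root.
        outside = os.path.join(tmp, "outside.txt")
        open(outside, "w").close()
        os.symlink(outside, os.path.join(doc_root, "failure.html"))
        samples = ["succes.html", "../../../etc/passwd", "/etc/passwd", "failure.html"]
        return {v: (escapes(doc_root, resolve_vulnerable(doc_root, v)),
                    resolve_hardened(doc_root, v) is not None) for v in samples}


if __name__ == "__main__":
    for value, (leaves_root, accepted) in demo().items():
        print(f"{value!r}: vulnerable leaves doc_root={leaves_root}, hardened accepts={accepted}")
```

The allowlist alone stops the traversal and absolute-path inputs; the `realpath` containment check is what rejects the allowlisted name that resolves outside the document root.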