WebApp Sec mailing list archives

Re: htaccess with apache


From: Tim Greer <chatmaster () charter net>
Date: 04 Nov 2003 12:19:33 -0800

On Tue, 2003-11-04 at 11:38, A.D.Douma wrote:
> Hello,
>
> I had a similar problem with a cgi script that used a <input type='hidden'
> name='success' value=succes.'html'> to point the client's browser to the
> "transaction complete page".
>
> Because of this an attacker could read every file on the webserver. Luckily
> the /etc/passwd file was shadowed. My question is what else could an
> attacker do? Would command execution be possible?
>
> Thanks

Command execution is unlikely, but other vulnerabilities may exist in
your script.  Sometimes read access is all an attacker needs. 
Ultimately, if the script isn't checking the file type, the path, or
having more secure checking going on, you shouldn't use it until or
unless it's remedied or replaced.  To protect a script from these types
of things is very simple, with little knowledge--otherwise try the
services of a qualified programmer to assist you.
-- 
Tim Greer <chatmaster () charter net>
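
The file type and path checks mentioned in the reply above, as an added example that is not part of the original thread or the poster's script. The function name, the `pages` directory and the sample field values are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: "transaction complete" pages are static HTML files.
ALLOWED_EXTENSIONS = {".html", ".htm"}

def resolve_success_page(field_value, pages_dir):
    """Map the client-supplied 'success' field to a file, or return None."""
    if not field_value or "\x00" in field_value:
        return None
    # File type check: only the expected extensions are served.
    if os.path.splitext(field_value)[1].lower() not in ALLOWED_EXTENSIONS:
        return None
    base = os.path.realpath(pages_dir)
    # realpath() collapses '..' and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(base, field_value))
    # Path check: the resolved file must still live under pages_dir.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate if os.path.isfile(candidate) else None

def demo():
    """Run constructed field values against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        pages = os.path.join(root, "pages")
        os.mkdir(pages)
        for path in (os.path.join(pages, "success.html"),
                     os.path.join(root, "secret.html")):
            with open(path, "w") as fh:
                fh.write("<html></html>")
        samples = {
            "expected": "success.html",
            "parent_dir": "../secret.html",               # right type, wrong place
            "absolute": os.path.join(root, "secret.html"),
            "wrong_type": "../../etc/passwd",
            "missing": "nosuchpage.html",
        }
        for label, value in samples.items():
            results[label] = resolve_success_page(value, pages) is not None
    return results

if __name__ == "__main__":
    for label, accepted in demo().items():
        print(f"{label:12s} accepted={accepted}")
```

Keeping the page name on the server side, so the form carries no path at all, removes the need for this check entirely.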

