[11903] in bugtraq


Re: CGI security

daemon@ATHENA.MIT.EDU (Arturo Busleiman)
Wed Sep 15 00:29:58 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.LNX.3.96.990915001006.2051A-100000@buanzo.dhis.org>
Date:         Wed, 15 Sep 1999 00:13:11 -0300
Reply-To: Arturo Busleiman <buanzox@USA.NET>
From: Arturo Busleiman <buanzox@USA.NET>
X-To:         Vladimir Dubrovin <vlad@sandy.ru>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <3524.990914@sandy.ru>

> But there is EOL character ('\0'.). If you will use something like
> "/index.html?%00xxxxxxxxxxxxxxxxx" xxxxxxxxxxxxxxxxx probably will not
> appear in any logs at all.
So, if I telnet localhost 80:
Trying 127.0.0.1
Connected to localhost
Escape character is '^]'.
GET /index.html?%00blabla

OK, I get index.html..... but....

# tail /var/log/messages/httpd.access_log
localhost - - [15/Sep/1999:00:09:30 -0300] "GET /usa.html?%00blabla" 200 8944

It does appear. Did I miss something, or were our assumptions erroneous?
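
An added example, not part of the original post: whether text after `%00` reaches a log depends on whether the logger writes the request target as received or percent-decodes it first and then treats the result as a NUL-terminated C string. The function `log_request`, its three modes and the sample target are constructed for illustration and do not reproduce any particular server's logging code.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Percent-decode src into dst (at least strlen(src) bytes); returns length.
   The decoded bytes may contain 0x00, so the length must travel with them. */
size_t pct_decode(const char *src, unsigned char *dst)
{
    size_t n = 0;
    while (*src) {
        if (src[0] == '%' && isxdigit((unsigned char)src[1])
                          && isxdigit((unsigned char)src[2])) {
            char hex[3] = { src[1], src[2], '\0' };
            dst[n++] = (unsigned char)strtol(hex, NULL, 16);
            src += 3;
        } else {
            dst[n++] = (unsigned char)*src++;
        }
    }
    return n;
}

/* mode 0: log the target as received, still percent-encoded.
   mode 1: decode, then format with %s (stops at the first NUL byte).
   mode 2: decode, then escape non-printable bytes using the known length. */
size_t log_request(int mode, const char *target, char *out, size_t outsz)
{
    unsigned char buf[256];
    size_t n, o;
    if (strlen(target) >= sizeof buf) return 0;   /* keep the demo bounded */
    if (mode == 0) return (size_t)snprintf(out, outsz, "\"GET %s\"", target);
    n = pct_decode(target, buf);
    buf[n] = '\0';
    if (mode == 1) return (size_t)snprintf(out, outsz, "\"GET %s\"", (char *)buf);
    o = (size_t)snprintf(out, outsz, "\"GET ");
    for (size_t i = 0; i < n && o + 6 < outsz; i++)
        o += (size_t)snprintf(out + o, outsz - o, isprint(buf[i]) ? "%c" : "\\x%02x", buf[i]);
    o += (size_t)snprintf(out + o, outsz - o, "\"");
    return o;
}

int main(void)
{
    char line[512];
    for (int mode = 0; mode < 3; mode++) {
        log_request(mode, "/index.html?%00blabla", line, sizeof line); /* constructed input */
        printf("mode %d: %s\n", mode, line);
    }
}
```

Modes 0 and 2 keep the trailing text in the log line; only mode 1 loses it, which is why a logger should either record the undecoded request line or carry an explicit length and escape non-printable bytes.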
