[12554] in bugtraq
FormHandler.cgi
daemon@ATHENA.MIT.EDU (Mnemonix)
Fri Nov 12 14:10:02 1999
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_00AF_01BF2CD3.F9C01560"
Message-Id: <00b201bf2cd3$fa98c220$1ee893c3@mnemonix>
Date: Fri, 12 Nov 1999 06:05:52 -0000
Reply-To: Mnemonix <mnemonix@GLOBALNET.CO.UK>
From: Mnemonix <mnemonix@GLOBALNET.CO.UK>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
This is a multi-part message in MIME format.
------=_NextPart_000_00AF_01BF2CD3.F9C01560
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
A quick search of the databases didn't show anything about this =
particular problem though the principle is well recognised as an issue:
FormHandler.cgi available from =
http://www.cgi-perl.com/programs/FormHandler=20
uses hard coded physical paths for templates etc so it's possible to get =
sensitive files like /etc/passwd by modifying a site's form and =
submitting it.
Cheers,
David Litchfield
http://www.infowar.co.uk/mnemonix/
Cerberus Information Security
+44(0)181 661 7405
------=_NextPart_000_00AF_01BF2CD3.F9C01560
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2614.3500" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>A quick search of the databases didn't =
show=20
anything about this particular problem though the principle is well =
recognised=20
as an issue:</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>FormHandler.cgi available from <A=20
href=3D"http://www.cgi-perl.com/programs/FormHandler =
">http://www.cgi-perl.com/programs/FormHandler=20
</A></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>uses hard coded physical paths for =
templates etc so=20
it's possible to get sensitive files like /etc/passwd by modifying =
a site's=20
form and submitting it.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>Cheers,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>David Litchfield</FONT></DIV>
<DIV><FONT face=3DArial size=3D2><A=20
href=3D"http://www.infowar.co.uk/mnemonix/">http://www.infowar.co.uk/mnem=
onix/</A></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Cerberus Information =
Security</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>+44(0)181 661 =
7405</FONT></DIV></BODY></HTML>
------=_NextPart_000_00AF_01BF2CD3.F9C01560--
