[14106] in bugtraq
IIS dosn't check existance of local file before calling CGI
daemon@ATHENA.MIT.EDU (3APA3A)
Wed Mar 1 02:04:53 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <12925.000229@SECURITY.NNOV.RU>
Date: Tue, 29 Feb 2000 22:12:11 +0300
Reply-To: 3APA3A <3APA3A@SECURITY.NNOV.RU>
From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Hello,
There is another one way to retrieve a full path to local files in
IIS4:
If there is external CGI application configured for some file type
and this application doesn't produce correct HTTP headers IIS
generates an error with output of application (both stdout and
stderror). The problem is, that IIS doesn't check existance of the
requested file before calling CGI application.
For example, if perl configured as an external CGI program for .pl
files and user requests nonexistent .pl file
(http://www.somehost.com/nonexistant.pl) IIS calls perl with
nonexistant.pl, and generates error message:
"<head><title>Error in CGI Application</title></head>
<body><h1>CGI Error</h1>The specified CGI application misbehaved by not
returning a complete set of HTTP headers. The headers it did return
are:<p><p><pre>Can't open perl script
"d:\inetpub\wwwroot\present\security\nonexistant.pl":
No such file or directory
</pre>"
http://www.security.nnov.ru
/\_/\
{ . . } |\
+--oQQo->{ ^ }<-----+ \
| 3APA3A U 3APA3A }
+-------------o66o--+ /
|/
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
