[20217] in bugtraq
new advisory
daemon@ATHENA.MIT.EDU (UkR hacking team)
Mon Apr 16 03:34:34 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 8bit
Message-ID: <200104150213.FAA45157@fatlady.ukr.net>
Date: Sun, 15 Apr 2001 05:13:46 +0300
Reply-To: UkR hacking team <ukrteam@ukr.net>
From: UkR hacking team <ukrteam@ukr.net>
To: BUGTRAQ@SECURITYFOCUS.COM
Name: Environment and Setup Variables can be Viewed through processit.pl CGI script
Author: UkR-XblP /UkR security team:www.ukrteam.ru /GiN group:www.secure.f2s.com
Problems:The script allows several environment variables to be viewed by the attacker, who can gain useful information on the site, making further attacks more feasible
Analysis:processit.pl dumps useful information (e.g. script location, SERVER_SOFTWARE, DOCUMENT_ROOT, etc.) to the browser when the requested file provided is incorrect or when request without parametrs.
Exploits: If site does not contain a incorrect file, thus the following URL displays the environment dump. However, a similar url, when applied within the necessary modifications to an unprotected site would yield the desired result:
http://www.victim.org/cgi-bin/processit.pl?FORMNAME=UkR
or
http://www.victim.org/cgi-bin/processit.pl
