[20506] in bugtraq
Re: PerlCal (CGI) show files vulnerability
daemon@ATHENA.MIT.EDU (Stan)
Sun Apr 29 17:37:05 2001
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-ID: <5.1.0.14.0.20010429095954.00ac0ec0@nuffsaid.axenet.org>
Date: Sun, 29 Apr 2001 10:01:41 +0200
Reply-To: Stan <stan@WHIZKUNDE.ORG>
From: Stan <stan@WHIZKUNDE.ORG>
X-To: MegaHz <costcon@cytanet.com.cy>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <010d01c0d071$e0318f00$54880ec3@cytanet.com.cy>
Nope... a query string like p0=../../../../../../../../../../bin/ls|%00
doesn't work.
With regards,
Stan
At 09:01 29-4-2001 +0300, you wrote:
>Yeah, but you can't execute commands, right?
>like:
>http://www.VULNERABLE.com/cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../bin/ls%20/%00
>or something,
>this cannot be done... right?