[21593] in bugtraq
Re: multiple vulnerabilities in un-cgi
daemon@ATHENA.MIT.EDU (Carlo Strozzi)
Wed Jul 18 10:43:05 2001
Date: Wed, 18 Jul 2001 10:09:57 +0200
To: bugtraq@securityfocus.com
Cc: purrcat@edoropolis.org
Message-ID: <20010718100957.A2740@tango.texne.com>
Mail-Followup-To: carlos@outgoing.securityfocus.com,
bugtraq@securityfocus.com, purrcat@edoropolis.org
In-Reply-To: <200107171048.f6HAmCg89459@francine.edoropolis.org>; from purrcat@edoropolis.org on Tue, Jul 17, 2001 at 12:48:12PM +0200
From: Carlo Strozzi <carlos@texne.com>
On Tue, Jul 17, 2001 at 12:48:12PM +0200, Khamba Staring wrote:
>
> 1. uncgi does no relative directory checking; this means anyone can
> execute any program on the remote system as the http user (to some
> extent, permission wise of course) using the simple dot-dot-slash trick.
Can you provide the exploit code please? I was not able to reproduce
the problem. I've tried with things like ../ and %2E%2E%2F but neither
worked, at least with Apache. All I get is the usual '404 Not Found' message.
cheers,
carlo
--
To display the message correctly please set the Courier font.
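
The relative directory check that the quoted report says is missing, sketched as an added example (not part of this message and not uncgi's own code): percent-decode the requested script name once, then refuse it if any path segment is `..`. The function names, the buffer size and the sample names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Decode %XX escapes once. Returns -1 on a malformed escape, a decoded NUL, or overflow. */
static int percent_decode(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        if (c == '%') {
            unsigned int v;
            if (!isxdigit((unsigned char)src[1]) || !isxdigit((unsigned char)src[2]))
                return -1;
            sscanf(src + 1, "%2x", &v);
            c = (unsigned char)v;
            src += 2;
        }
        if (c == '\0' || o + 1 >= dstlen)
            return -1;
        dst[o++] = (char)c;
    }
    dst[o] = '\0';
    return 0;
}

/* 1 if the name may be appended to the script directory, 0 if it must be refused.
 * Empty and absolute names are refused; backslash is refused as a conservative choice. */
int script_name_is_safe(const char *raw)
{
    char name[1024];   /* assumed maximum length for a script name */
    if (percent_decode(raw, name, sizeof name) != 0)
        return 0;
    if (name[0] == '\0' || name[0] == '/' || strchr(name, '\\'))
        return 0;
    for (const char *seg = name; seg; ) {
        size_t len = strcspn(seg, "/");
        if (len == 2 && seg[0] == '.' && seg[1] == '.')
            return 0;   /* a ".." segment would climb out of the directory */
        seg = seg[len] ? seg + len + 1 : NULL;
    }
    return 1;
}

int main(void)
{
    const char *t[] = { "form.cgi", "sub/form.cgi", "../x", "%2E%2E%2Fx" }; /* constructed */
    for (size_t i = 0; i < sizeof t / sizeof *t; i++)
        printf("%-14s %s\n", t[i], script_name_is_safe(t[i]) ? "allow" : "refuse");
}
```

The check runs on the decoded name, so the literal and the percent-encoded spellings are refused alike; a wrapper that follows symlinks would also compare the `realpath()` of the final path against the script directory.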