[23651] in bugtraq


Active Perl path reveal

daemon@ATHENA.MIT.EDU (antoan miroslavov)
Sat Dec 29 14:48:56 2001

Date: 29 Dec 2001 18:53:39 -0000
Message-ID: <20011229185339.24430.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: antoan miroslavov <shaltera@yahoo.com>
To: bugtraq@securityfocus.com



I recently found this exploit in Active Perl for Windows. If you request a name with a .pl extension which doesn't exist in CGI-BIN, the Perl interpreter returns an error:

CGI Error
The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are:

Can't open perl script "C:\Inetpub\wwwroot\cgi-bin\link1s.pl": No such file or directory

Antoan Miroslavov
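
A defensive check for the error quoted above, as an added example that is not part of the original post: it scans HTTP response bodies for the interpreter's message, reports the filesystem path it discloses, and redacts that path before the body leaves the server. The function names and the sample body (constructed from the error text in the post) are assumptions of this example.

```python
import re

# The Perl interpreter's message, capturing the absolute Windows path it
# discloses (drive-letter or UNC form) and the trailing OS error text.
LEAK_RE = re.compile(
    r"Can't open perl script "
    r'"(?P<path>(?:[A-Za-z]:\\|\\\\)[^"\r\n]+)": '
    r"(?P<reason>[^\r\n<]+)"
)

# Constructed sample: the response body shown in the post, with CRLF line ends.
SAMPLE = (
    "CGI Error\r\n"
    "The specified CGI application misbehaved by not returning a complete set "
    "of HTTP headers. The headers it did return are:\r\n\r\n"
    'Can\'t open perl script "C:\\Inetpub\\wwwroot\\cgi-bin\\link1s.pl": '
    "No such file or directory\r\n"
)


def find_path_leaks(body):
    """Return (script_path, exposed_directory, reason) for each leak in body."""
    leaks = []
    for m in LEAK_RE.finditer(body):
        path = m.group("path")
        # Everything before the last backslash is the directory layout exposed.
        directory = path.rsplit("\\", 1)[0]
        leaks.append((path, directory, m.group("reason").strip()))
    return leaks


def redact(body):
    """Replace the disclosed directory with a placeholder, keeping the file name."""
    def _sub(m):
        name = m.group("path").rsplit("\\", 1)[-1]
        return 'Can\'t open perl script "[redacted]\\%s": %s' % (
            name, m.group("reason"))
    return LEAK_RE.sub(_sub, body)


if __name__ == "__main__":
    for path, directory, reason in find_path_leaks(SAMPLE):
        print("leak: %s (directory %s, %s)" % (path, directory, reason))
    print(redact(SAMPLE))
```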

