[6097] in bugtraq
www-sql cgi prog overrides .htaccess restrictions.
daemon@ATHENA.MIT.EDU (Mr LEROY christophe)
Mon Feb 9 11:20:44 1998
Date: Mon, 9 Feb 1998 10:59:09 -0500
Reply-To: Mr LEROY christophe <leroy@MEG.FR>
From: Mr LEROY christophe <leroy@MEG.FR>
To: BUGTRAQ@NETSPACE.ORG
www-sql is a cgi program to access a mysql database via a http server
and create easyly some pages from a query result.
That program acts as a filter, using PATH_TRANSLATED feature to
access html files on your server tree, and it translates <! sql ...> tags
into html viewable text, letting other parts of the html file unchanged.
The problem is that www-sql performs nothing to verify if a user can
access the intended PATH_TRANSLATED file.
So, suppose your htdocs tree is /home/htdocs/
you have a subdirectory /home/htdocs/protected/ in which you have
you have restricted access using .htaccess file.
In your browser, enter URL http://your.server/protected/something.html:
you get prompted a username and a password.
Now, enter URL http://your.server/cgi-bin/www-sql/protected/something.html:
you get the requested file
www-sql is available into Incoming sunsite directory
Christophe Leroy
