[9067] in bugtraq
AW: test-cgi
daemon@ATHENA.MIT.EDU (Adrian Dabrowski)
Fri Jan 15 02:51:16 1999
Date: Fri, 15 Jan 1999 01:14:48 +0100
Reply-To: "atrox@htl-tex.ac.at" <atrox@htl-tex.ac.at>
From: Adrian Dabrowski <atrox@TELEWEB.AT>
To: BUGTRAQ@NETSPACE.ORG
test-cgi should be banned from any system shortly after installation
anyway.
PATH_TRANSLATED can be abused by adding a / or a /~username to test-cgi.
This will give you the real pathname of the htdocs-dir respectively the
real pathname of a user's $HOME/public_html.
This info could gain importance to a hacker in combination with some other
bug.
atrox'99
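
Added example, not part of the original post: a log check that flags requests to test-cgi carrying extra path info (the / and /~username forms described above), so an administrator can see whether the script was used this way before removing it. The Common Log Format layout, the sample lines, the addresses and the user name are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Common Log Format: client, ident, user, [time], "METHOD target PROTO", status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([A-Z]+) (\S+)[^"]*" (\d{3})')
# test-cgi followed by extra path info, which the server maps to PATH_TRANSLATED
PROBE_RE = re.compile(r'/test-cgi(/[^?]*)', re.IGNORECASE)

def classify(target):
    """Return None, 'docroot' or 'userdir:<name>' for a request target."""
    # Drop the query string first, then decode so %7E is seen as ~
    path = unquote(target.split('?', 1)[0])
    m = PROBE_RE.search(path)
    if not m:
        return None
    user = re.match(r'/~([^/]+)', m.group(1))
    return 'userdir:' + user.group(1) if user else 'docroot'

def scan(lines):
    """Return (client, kind, status) for every flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, _method, target, status = m.groups()
        kind = classify(target)
        if kind:
            hits.append((client, kind, int(status)))
    return hits

# Constructed sample lines (documentation address ranges, made-up user name)
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jan/1999:01:20:01 +0100] "GET /cgi-bin/test-cgi/ HTTP/1.0" 200 512',
    '192.0.2.10 - - [15/Jan/1999:01:20:05 +0100] "GET /cgi-bin/test-cgi/%7Ealice HTTP/1.0" 200 530',
    '198.51.100.7 - - [15/Jan/1999:01:21:00 +0100] "GET /cgi-bin/test-cgi HTTP/1.0" 200 498',
    '198.51.100.7 - - [15/Jan/1999:01:21:09 +0100] "GET /cgi-bin/test-cgi?x=/~bob HTTP/1.0" 200 501',
    '198.51.100.7 - - [15/Jan/1999:01:22:00 +0100] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == '__main__':
    for client, kind, status in scan(SAMPLE_LOG):
        print(client, kind, status)
```

A 200 status on a flagged line means the script was present and answered; the lasting fix is still the one stated in the post, removing test-cgi.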