[9083] in bugtraq
Re: test-cgi - Re: HTTP REQUEST METHOD flaw
daemon@ATHENA.MIT.EDU (Dr. Mudge)
Fri Jan 15 15:07:53 1999
Date: Fri, 15 Jan 1999 12:31:26 -0500
Reply-To: "Dr. Mudge" <mudge@L0PHT.COM>
From: "Dr. Mudge" <mudge@L0PHT.COM>
X-To: Peter van Dijk <peter@ATTIC.VUURWERK.NL>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19990114093533.L7568@attic.vuurwerk.nl>

I believe the original test-cgi problem was first publicly posted via a
L0pht Security Advisory in 1996. It also mentioned that several of the
variables were under user control.

Just for the record :)

.mudge

On Thu, 14 Jan 1999, Peter van Dijk wrote:
> A paper I wrote somewhere in 1997(!) notes that CONTENT_TYPE, CONTENT_LENGTH,
> HTTP_ACCEPT, HTTP_REFERER, PATH_INFO, PATH_TRANSLATED, QUERY_STRING,
> REQUEST_METHOD and SERVER_PROTOCOL are under control of the user.
>
> If you control your reverse and forward DNS, you could also theoretically
> control REMOTE_HOST.
>
> Greetz, Peter.
> --
> <squeezer> AND I AM GONNA KILL MIKE | Peter van Dijk
> <squeezer> hardbeat, if you are still sober: | peter@attic.vuurwerk.nl
> <squeezer> @date = localtime(time); | realtime security d00d
> <squeezer> $date[5] += 2000 if ($date[5] < 37); |
> <squeezer> $date[5] += 1900 if ($date[5] < 99); | * blah *
>
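
Added example, not part of either message: a CGI program can treat every variable in the list above as untrusted and check it against an allow-list before using it. The patterns, `MAX_LEN`, `REQUIRED`, the function name and both sample environments are assumptions made for this sketch.

```python
import re

# Added example: allow-list checks for the CGI variables named in the thread.
# The patterns, MAX_LEN and REQUIRED are assumptions chosen for illustration.
MAX_LEN = 1024
TOKEN = r"[A-Za-z0-9.+-]+"
PATH = r"(/[A-Za-z0-9._~-]+)*/?"
RULES = {name: re.compile(pattern) for name, pattern in {
    "REQUEST_METHOD": r"GET|HEAD|POST",
    "SERVER_PROTOCOL": r"HTTP/1\.[01]",
    "CONTENT_LENGTH": r"[0-9]{1,10}",
    "CONTENT_TYPE": TOKEN + "/" + TOKEN + r"(; ?[A-Za-z0-9=._-]+)*",
    "HTTP_ACCEPT": r"[A-Za-z0-9*/+.,;= -]+",
    "HTTP_REFERER": r"https?://[A-Za-z0-9._~:/?#@!$&'()*+,;=%-]+",
    "PATH_INFO": PATH,
    "PATH_TRANSLATED": PATH,
    "QUERY_STRING": r"[A-Za-z0-9._~%&=+-]*",
    "REMOTE_HOST": r"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?",
}.items()}
REQUIRED = {"REQUEST_METHOD", "SERVER_PROTOCOL"}

def check_cgi_environ(environ):
    """Return {name: reason} for every listed variable that fails its rule."""
    problems = {}
    for name, rule in RULES.items():
        value = environ.get(name, "")
        if value == "":
            if name in REQUIRED:
                problems[name] = "missing"
            continue
        if len(value) > MAX_LEN:          # bound size before running the regex
            problems[name] = "too long"
        elif not rule.fullmatch(value):   # fullmatch also rejects CR/LF anywhere
            problems[name] = "bad format"
        elif name.startswith("PATH_") and ".." in value.split("/"):
            problems[name] = "dot-dot segment"
    return problems

# Constructed sample environments (not taken from the thread).
BENIGN = {"REQUEST_METHOD": "GET", "SERVER_PROTOCOL": "HTTP/1.0",
          "HTTP_ACCEPT": "text/html, */*;q=0.8", "PATH_INFO": "/reports/1999",
          "QUERY_STRING": "year=1999&fmt=txt", "REMOTE_HOST": "client.example.net"}
SUSPECT = {"REQUEST_METHOD": "GET\r\nX-Injected: 1", "CONTENT_LENGTH": "-1",
           "PATH_INFO": "/reports/../../etc/passwd",
           "QUERY_STRING": "year=1999 fmt", "REMOTE_HOST": "x" * 2000}

if __name__ == "__main__":
    for label, env in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, check_cgi_environ(env))
```

A real program would pass `os.environ` and refuse the request when the returned dictionary is not empty.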