[9167] in bugtraq
Perl.exe and IIS security advisory
daemon@ATHENA.MIT.EDU (mnemonix)
Fri Jan 22 12:59:16 1999
Date: Fri, 22 Jan 1999 20:58:33 -0000
Reply-To: mnemonix <mnemonix@GLOBALNET.CO.UK>
From: mnemonix <mnemonix@GLOBALNET.CO.UK>
X-To: ntbugtraq@listserv.ntbugtraq.com
To: BUGTRAQ@NETSPACE.ORG
There is a problem with perl.exe similar to the issue discussed in KB
article Q193689 where the physical disk location of a virtual web directory
can be ascertained.
In all versions of IIS, where a website has been configured to interpret
perl scripts using the perl executable (perl.exe), a problem exists where a
request for a non-existent file will return the physical location on a disk
of a web directory. A request for:
http://www.server.com/scripts/no-such-file.pl
will return information similar to the following:
CGI Error
The specified CGI application misbehaved by not returning a complete set of
HTTP headers. The headers it did return are:
Can't open perl script "C:\InetPub\scripts\no-such-file.pl": No such file or
directory
Previously this was a problem when requesting a non-existent .IDC file but
this was resolved with Service Pack 4.
To resolve this problem in IIS 2 and 3 you can use perlis.dll, the ISAPI
version of the perl interpreter, instead of the executable. You can use
this in IIS 4 as well, however, if you still want to use perl.exe you can
configure IIS to check for the file's existence.
NTInfoScan, downloadable from
http://www.infowar.co.uk/mnemonix/ntinfoscan.htm , checks for this problem
and the .IDC issue as well as other security checks.
Cheers,
David Litchfield
