[18005] in bugtraq
Re: Filename Inspection+Perl can Executing commands
daemon@ATHENA.MIT.EDU (Tom Geldner)
Sun Dec 10 21:14:59 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Message-Id: <017201c060db$2d536bc0$0100a8c0@bosco>
Date: Thu, 7 Dec 2000 21:53:22 -0800
Reply-To: Tom Geldner <tom@XOR.CC>
From: Tom Geldner <tom@XOR.CC>
X-To: Billy Nothern <disk_key@HOTMAIL.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
----- Original Message -----
From: "Billy Nothern" <disk_key@HOTMAIL.COM>
Here is an example URL an attacker could use:
http://host/."./."./Perl/eg/core/findtar+&+echo+hacked+>+c:\InetPub\wwwroot\hacked.html+&+.pl
The whole discussion was interesting, but speaking as a site that runs
ActiveState Perl, the assumptive directory layout you've outlined
doesn't seem correct. (Regardless, we don't have findtar in our Perl
libs.)
lib/core is what I've seen. Is this exploit specific to a particular
install or version of AS Perl for IIS?
Tom