Bugtraq archives for 3rd quarter (Jul-Sep) 1998: ePerl: bad handling of ISINDEX queries

ePerl: bad handling of ISINDEX queries

Tiago Luz Pinto (tiagoEPS.UFSC.BR)
Mon, 6 Jul 1998 22:39:24 -0300

    (ePerl is an embedded Perl Interpreter for HTTP servers)

* Description:
    Incorrect Handling of ISINDEX queries (command line argument)
when ePerl runs as a nph-cgi/cgi.

* Cause:
    According to the CGI/1.1 specification, the HTTP
server executes CGIs, passing the ISINDEX field as a command
line argument. When ePerl runs and gets this argument
(argc > 1), it fails to set MODE_CGI, then tries to
open the argument for parsing/executing.

    This can lead to arbitrary Perl code being executed on
the server.

* Example:
http://foo.com/some/dir/doit.phtml?/home/ftp/incoming/executemycode.phtml


+----------------------------------------------------------------------+
|  Tiago Luz Pinto                                 tiagoeps.ufsc.br   |
|                                                                      |
|  Network Administrator  -      Department of Production Engineering  |
|  Federal University of Santa Catarina -                      Brazil  |
+----------------------------------------------------------------------+
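
The mode decision described in the advisory, as an added C sketch that is not ePerl's source and not part of the original post: a flawed selector that trusts argc beside a hardened one that keys on the server-set environment. Only MODE_CGI comes from the advisory; MODE_FILTER, the function names, the sample paths and the use of PATH_TRANSLATED as the script location are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this sketch; only MODE_CGI appears in the advisory. */
enum run_mode { MODE_FILTER, MODE_CGI };

/* CGI/1.1: a query string with no unencoded '=' is an ISINDEX search and
 * may be handed to the program as command-line arguments. */
static int is_isindex_query(const char *query)
{
    return query != NULL && *query != '\0' && strchr(query, '=') == NULL;
}

/* Flawed pattern: any argument is read as a stand-alone run, so argv[1]
 * (client-controlled under CGI) becomes the file that gets parsed. */
static const char *source_flawed(int argc, char **argv, const char *translated,
                                 enum run_mode *mode)
{
    if (argc > 1) { *mode = MODE_FILTER; return argv[1]; }
    *mode = MODE_CGI;
    return translated;
}

/* Hardened pattern: GATEWAY_INTERFACE, set by the server, decides the mode.
 * Under CGI the path comes only from PATH_TRANSLATED and argv is ignored. */
static const char *source_hardened(int argc, char **argv, const char *gateway,
                                   const char *translated, enum run_mode *mode)
{
    if (gateway != NULL && *gateway != '\0') {
        *mode = MODE_CGI;
        return translated;      /* may be NULL: the caller must refuse to run */
    }
    *mode = MODE_FILTER;
    return argc > 1 ? argv[1] : NULL;
}

int main(void)
{
    /* Constructed request data shaped like the advisory's example URL. */
    const char *query = "/home/ftp/incoming/executemycode.phtml";
    char *argv[] = { "eperl", "/home/ftp/incoming/executemycode.phtml", NULL };
    const char *doc = "/www/some/dir/doit.phtml";  /* constructed PATH_TRANSLATED */
    enum run_mode m;

    printf("isindex query: %d\n", is_isindex_query(query));
    printf("flawed opens:   %s\n", source_flawed(2, argv, doc, &m));
    printf("hardened opens: %s\n", source_hardened(2, argv, "CGI/1.1", doc, &m));
    return 0;
}
```

In a real program the gateway and translated arguments would come from getenv("GATEWAY_INTERFACE") and getenv("PATH_TRANSLATED").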