|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: ePerl: bad handling of ISINDEX queries
Andrew Pimlott (pimlott
ABEL.MATH.HARVARD.EDU)Wed, 8 Jul 1998 12:27:14 -0400
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Alan Cox: "Re: ncurses 4.1 security bug"
- Previous message: Paul Boehm: "sentry"
- In reply to: Tiago Luz Pinto: "ePerl: bad handling of ISINDEX queries"
- Next in thread: Steve Willer: "Re: ePerl: bad handling of ISINDEX queries"
On Mon, 6 Jul 1998, Tiago Luz Pinto wrote: > (ePerl is an embedded Perl Interpreter for HTTP servers) > > * Description: > Incorrect Handling of ISINDEX queries (command line argument) > when ePerl runs as a nph-cgi/cgi. I notified the author of a variant of this bug last summer (which he fixed; see http://www.engelschall.com/sw/eperl/distrib/eperl-SNAP/ChangeLog). I honestly wouldn't trust eperl for a minute. These are very simple mistakes. > * Cause: > According with the CGI/1.1 specification, the HTTP > server executes CGI's passing the ISINDEX field as a command > line argument. When ePerl runs and gets this argument > (argc > 1), it fails to set MODE_CGI, then tries to > open the argument for parsing/executing. > > This can lead to arbitrary Perl code being executed on > the server. > > * Example: > http://foo.com/some/dir/doit.phtml?/home/ftp/incoming/executemycode.phtml Andrew "Do they give a Nobel Prize for attempted chemistry?" - "Sideshow" Bob Terwilliger
- Next message: Alan Cox: "Re: ncurses 4.1 security bug"
- Previous message: Paul Boehm: "sentry"
- In reply to: Tiago Luz Pinto: "ePerl: bad handling of ISINDEX queries"
- Next in thread: Steve Willer: "Re: ePerl: bad handling of ISINDEX queries"