FormHandler.cgi
Mnemonix (mnemonix GLOBALNET.CO.UK)
Fri, 12 Nov 1999 06:05:52 -0000
A quick search of the databases didn't show anything about this particular problem, though the principle is well recognised as an issue:

FormHandler.cgi, available from http://www.cgi-perl.com/programs/FormHandler, uses hard-coded physical paths for templates etc., so it's possible to get sensitive files like /etc/passwd by modifying a site's form and submitting it.

Cheers,
David Litchfield
http://www.infowar.co.uk/mnemonix/
Cerberus Information Security
+44(0)181 661 7405
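
The following is an added example, not part of the original post and not FormHandler.cgi's own code: one way a form-processing CGI can accept only a template name from the form and resolve it inside a directory fixed in server-side configuration. The function name `resolve_template`, the temporary directory and the sample field values are assumptions constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added example (hypothetical helper, not FormHandler.cgi code): the form may
# supply a template *name*; the directory comes from server configuration.
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Returns the canonical template path, or undef if the name is rejected.
sub resolve_template {
    my ($template_dir, $name) = @_;
    return unless defined $name;
    # Bare file name only: no slashes, no leading dot, no NUL byte.
    return unless $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\z/;
    my $base = realpath($template_dir);
    return unless defined $base;
    my $path = realpath(File::Spec->catfile($base, $name));
    return unless defined $path && -f $path;
    # After symlink resolution the file must still live under $base.
    return unless index($path, "$base/") == 0;
    return $path;
}

# Constructed demo data: a temporary template directory with one template
# and one symlink that points outside the directory.
my $dir = tempdir(CLEANUP => 1);
open(my $fh, '>', File::Spec->catfile($dir, 'thanks.html')) or die "open: $!";
print {$fh} "<p>Thank you.</p>\n";
close($fh);
eval { symlink('/etc/passwd', File::Spec->catfile($dir, 'link.html')) };

# Constructed values a client could place in the template form field.
my @samples = ('thanks.html', '/etc/passwd', '../../etc/passwd',
               'link.html', "thanks.html\0.txt");
for my $value (@samples) {
    my $resolved = resolve_template($dir, $value);
    (my $shown = $value) =~ s/\0/\\0/g;
    printf "%-20s => %s\n", $shown, defined $resolved ? 'served' : 'rejected';
}
```

Only `thanks.html` is served; the absolute path, the relative path, the symlink and the NUL-embedded name are all rejected before any file is opened.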
This archive was generated by hypermail 2.0b3 on Fri Nov 12 1999 - 12:47:21 CST