Re: Not too serious alert: Perl and IIS

  • To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
  • Subject: Re: Not too serious alert: Perl and IIS
  • From: mb <mbCHAMISPLACE.COM>
  • Date: Thu, 9 Jul 1998 21:03:55 -0500
  • Reply-To: mb <mbCHAMISPLACE.COM>
  • Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

This could be a larger security issue for those who store utility scripts in
their web directories as in the following example:

    delete_logs.pl
    other_script1.pl
    ...
    other_scriptn.pl

where delete_logs.pl would get executed, being listed first for *.pl

In IIS 4, the following should fix this:

- [Virtual] server properties
- Home Directory
- Configuration...
- Edit ".pl" entry
- Enable "Check that file exists"



-----Original Message-----
From: Nemo <mnemonixGLOBALNET.CO.UK>
To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>
Date: Thursday, July 09, 1998 8:41 PM
Subject: Not too serious alert: Perl and IIS


Dear All,
This may have been noted before, but just in case it hasn't then I provide
the information here:

This was tested on NT Server 4.0 (with only service pack 3) running
Internet Information Server 3.0.
This may also happen on IIS 2.0 and 4.0. PWS may also be affected.

If you want to execute perl scripts on your web server you must (or rather
should) register an interpreter for the scripts in the registry:

HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ScriptMap

You can either use perl.exe or perlIS.dll:

*.pl    c:\perl5\bin\perl.exe %s %s

If you do use perl.exe it seems that if the Web service receives a request
for a file with a pl extension, whether the file exists or not the
information is still passed to the interpreter, in this case perl.exe.
(What is slightly less important is that any request method can be used
even incorrect ones : GET, HEAD, POST, PUT, ABCD, ZXCV : Try telnetting to
a host:80 and request : CGHY /scripts/test.pl <CTRL M>)

Getting to the point : because the request is passed straight to perl.exe
if you ask for *.pl
(http://www.site.com/scripts/*.pl) then the use of a wildcard will cause
perl.exe to search for the first file with a pl extension in the current
directory and execute the commands in the script. You can also use partial
names eg env*.pl

This can lead to minor security problems.

I believe that if you use perlIS.dll this problem does not occur.

Mnemonix
http://www.users.globalnet.co.uk/~mnemonix
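
Added example, not part of either post above: a log check that flags requests for script-mapped extensions whose file name contains a wildcard, and requests that use an unrecognised method, the two behaviours described in the thread. The W3C extended field names, the `.pl` extension list, the method allow-list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Extensions assumed to be mapped to perl.exe in the script map (assumption).
SCRIPT_EXTS = (".pl",)
# Methods treated as legitimate; anything else is reported (assumed allow-list).
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

# Constructed sample in W3C extended log format; not taken from a real server.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
1998-07-09 20:41:02 192.0.2.10 GET /scripts/env.pl 200
1998-07-09 20:41:09 192.0.2.10 GET /scripts/*.pl 200
1998-07-09 20:41:15 192.0.2.10 GET /scripts/env%2A.pl 200
1998-07-09 20:41:20 192.0.2.11 CGHY /scripts/test.pl 200
1998-07-09 20:41:31 192.0.2.12 GET /images/logo*.gif 404
"""

def scan(log_text):
    """Return (line_no, reason, method, path) for each suspicious request."""
    fields, findings = [], []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for following rows
            continue
        if not line.strip() or line.startswith("#"):
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                       # malformed row or no #Fields yet
        rec = dict(zip(fields, values))
        method = rec.get("cs-method", "")
        # Decode percent-escapes so an encoded wildcard (%2A) is caught too.
        path = unquote(rec.get("cs-uri-stem", ""))
        if not path.lower().endswith(SCRIPT_EXTS):
            continue                       # not handed to the interpreter
        if re.search(r"[*?]", path.rsplit("/", 1)[-1]):
            findings.append((line_no, "wildcard", method, path))
        if method.upper() not in KNOWN_METHODS:
            findings.append((line_no, "unknown-method", method, path))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```
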