Bugtraq mailing list archives
More test-cgi
From: epenneba () dynamo cso uiuc edu (Erik M Pennebaker)
Date: Thu, 12 Dec 1996 15:22:18 -0600
After installing apache1.2b1 on a few machines, I noticed that: http://some.machine.some.edu/cgi-bin/test-cgi? * (note the space after the "?") Gives: argc is 0. argv is . SERVER_SOFTWARE = Apache/1.2b1 [etc] SERVER_PROTOCOL = printenv test-cgi HTTP/1.0 [etc] QUERY_STRING = [etc] Note the file listing in the "SERVER_PROTOCOL" field. I've tried this on a few versions of the server, as far back as 1.03. It seems that distributions that changed $QUERY_STRING to "$QUERY_STRING" are still open to remote file listing. Sorry if this was mentioned already...I looked around my archive and the web archive, and only saw holes involving query_string. Quoting $SERVER_PROTOCOL seems to fix it....almost as well as deleting test-cgi. -Erik -- ----- Erik Pennebaker | http://www.uiuc.edu/ph/www/epenneba | epenneba () uiuc edu Question Reality CCSO Workstation Support Group, University of Illinois My opinions
Current thread:
- More test-cgi Erik M Pennebaker (Dec 12)
- Re: More test-cgi M Shariful Anam (Dec 13)