Bugtraq mailing list archives
FormHandler.cgi
From: mnemonix () GLOBALNET CO UK (Mnemonix)
Date: Fri, 12 Nov 1999 06:05:52 -0000
A quick search of the databases didn't show anything about this particular problem, though the principle is well recognised as an issue: FormHandler.cgi, available from http://www.cgi-perl.com/programs/FormHandler, uses hard-coded physical paths for templates etc., so it's possible to get sensitive files like /etc/passwd by modifying a site's form and submitting it.

Cheers,
David Litchfield
http://www.infowar.co.uk/mnemonix/
Cerberus Information Security
+44(0)181 661 7405
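Added example, not part of the original post and not FormHandler.cgi's own code (which is Perl): a Python sketch of the server-side check that closes the hole described above, treating the submitted value as a template name resolved under a fixed directory rather than as a physical path. The function names, the name pattern and the sample form values are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumed policy: a template is named by a plain file name, never a path.
NAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")


class TemplateRejected(ValueError):
    """Raised when a submitted template value must not be opened."""


def safe_lookup(template_root: Path, form_value: str) -> Path:
    # 1. Reject anything that is not a bare name ("/etc/passwd", "../x").
    if not NAME_RE.fullmatch(form_value):
        raise TemplateRejected(f"bad template name: {form_value!r}")
    root = template_root.resolve(strict=True)
    candidate = (root / form_value).resolve()
    # 2. After symlink resolution the file must still live under the root.
    if root not in candidate.parents:
        raise TemplateRejected(f"escapes template root: {form_value!r}")
    if not candidate.is_file():
        raise TemplateRejected(f"no such template: {form_value!r}")
    return candidate


def demo() -> dict:
    """Run constructed form values through safe_lookup; return the verdicts."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "templates"
        root.mkdir()
        (root / "thanks.html").write_text("<p>Thanks</p>")
        secret = Path(tmp) / "secret.txt"
        secret.write_text("not a template")
        os.symlink(secret, root / "link.html")  # symlink leaving the root
        for value in ["thanks.html", "/etc/passwd", "../secret.txt",
                      "link.html", "missing.html"]:
            try:
                safe_lookup(root, value)
                results[value] = "served"
            except TemplateRejected as exc:
                results[value] = "rejected: " + str(exc).split(":")[0]
    return results


if __name__ == "__main__":
    print(demo())
```

The containment check runs on the resolved path, so a symlink inside the template directory that points elsewhere is refused even though its name passes the pattern.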