Bugtraq mailing list archives

FormHandler.cgi


From: mnemonix () GLOBALNET CO UK (Mnemonix)
Date: Fri, 12 Nov 1999 06:05:52 -0000


A quick search of the databases didn't show anything about this particular problem though the principle is well recognised as an issue:

FormHandler.cgi available from http://www.cgi-perl.com/programs/FormHandler uses hard coded physical paths for templates etc so it's possible to get sensitive files like /etc/passwd by modifying a site's form and submitting it.

Cheers,
David Litchfield
http://www.infowar.co.uk/mnemonix/
Cerberus Information Security
+44(0)181 661 7405
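
An added example, not part of the original post and not FormHandler.cgi's own code: one way to avoid trusting a template path carried in a form is to accept only a short template name and resolve it under a directory fixed on the server. The function name `resolve_template`, the template directory and the sample file names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Temp qw(tempdir);

# Resolve a client-submitted template name to a file under $root, or return
# undef. The form supplies only a short name; the directory is fixed on the
# server and is never read from the request. (Hypothetical helper.)
sub resolve_template {
    my ($root, $name) = @_;
    return unless defined $name;

    # Allowlist: a bare file name with no separators, no leading dot, no NUL.
    return unless $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\z/;

    my $real_root = realpath($root);
    return unless defined $real_root;
    my $real = realpath("$real_root/$name");
    return unless defined $real && -f $real;

    # A symlink inside the template directory could still point elsewhere,
    # so confirm the resolved path stays under the root.
    return unless index($real, "$real_root/") == 0;
    return $real;
}

# Constructed demo: a temporary template directory holding one template
# and one symlink that points outside the directory.
my $root = tempdir(CLEANUP => 1);
open(my $fh, '>', "$root/thanks.html") or die "cannot write: $!";
print {$fh} "<p>Thank you</p>\n";
close($fh);
symlink('/etc/passwd', "$root/link.html");

# Constructed form values: one legitimate name, then values a modified
# form might submit.
for my $submitted ('thanks.html', '/etc/passwd', '../../etc/passwd',
                   'link.html', "thanks.html\0.txt") {
    my $path = resolve_template($root, $submitted);
    (my $shown = $submitted) =~ s/\0/\\0/g;
    printf "%-20s => %s\n", $shown, defined $path ? 'served' : 'rejected';
}
```

Only `thanks.html` is served; the absolute path, the relative traversal, the symlink and the NUL-embedded name are all rejected.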

This archive was generated by hypermail 2.0b3 on Fri Nov 12 1999 - 12:47:21 CST

