Bugtraq mailing list archives
Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2)
From: ben () ALGROUP CO UK (Ben Laurie)
Date: Sat, 6 Nov 1999 18:54:33 +0000
[Snippage has occurred] Blue Boar wrote:
The format of the SSI command entered is as follows: <!--#exec cmd="cat /etc/group" You should place this command (or other desired command) somewhere in the comments. The format of the command is part of the problem, and why I'm thinking there may be some sloppiness in Apache. It appears that there is an assumption that SSI commands tend to be on lines by themselves, and are of the format: <!--# (SSI command) --> In my testing with the most recent Apache at the time (1.3.9) I found it took any of the following: <!--#exec cmd="cat /etc/group"--> <!--#exec cmd="cat /etc/group"> <!--#exec cmd="cat /etc/group" It also didn't seem to matter that it was in the middle of a line of HTML. I'm actually a bit more worried about how many other scripts make this assumption, and how long Apache has been making that be a bad assumption.
Apache doesn't make a bad assumption. If you don't want SSIs executing stuff, you shouldn't enable it. Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi
Current thread:
- Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Blue Boar (Nov 05)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Marc Slemko (Nov 06)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Ben Laurie (Nov 06)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Stephen White (Nov 06)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Steven Champeon (Nov 07)
- Patch for VirusWall 3.23. dark spyrit (Nov 07)
- Netscape Web Publisher Tim Jones (Nov 06)
- Re: Netscape Web Publisher Mnemonix (Nov 07)
- Re: Netscape Web Publisher nblasgen () NICK REFRACT COM (Nov 07)
- vwxploit.c unix port Sebastian (Nov 08)
- Windows NT Spooler Service. Avri Schneider (Nov 07)
- [w00giving '99 #2] IMAIL POP server Shok (Nov 07)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Blue Boar (Nov 07)
(Thread continues...)