Bugtraq mailing list archives
CGI security
From: kerb () FNUSA COM (Kerb)
Date: Sun, 12 Sep 1999 09:57:35 -0500
I just read most of the Phrack article about CGI security, and it made me wonder about another possible exploit. You'll have to correct me if I am wrong, as I am not real familiar with C, but would it be possible to throw an EOF character into a string? Maybe a query string? Now that doesnt sound all that great as is, but if you think about it, URL's are logged into the web logs, and a lot of administrators either have a program or just grep the access_log for attempts to exploit CGI vulnerabilities (scanners, etc). Now this is where it gets good. Would it be possible to tack an EOF file into a query string on a normal request, even for a static page (/index.html?EOF), then follow up with an exploit? That way, if it works as I think it might, then when the log file is checked, it finds that EOF character and stops there, thinking it is the end of the file. That would effectively cover your tracks. As a CGI programmer, I'd appreciate any feedback. -Kerb
Current thread:
- Redhat 6.0 Password Issues root3d (Sep 08)
- <Possible follow-ups>
- Re: Redhat 6.0 Password Issues Josh Higham (Sep 10)
- Re: Redhat 6.0 Password Issues Erik Parker (Sep 11)
- Re: Redhat 6.0 Password Issues Alan Brown (Sep 11)
- CGI security Kerb (Sep 12)
- Re: CGI security Ivo van der Wijk (Sep 13)
- Re: CGI security Vladimir Dubrovin (Sep 14)
- Re: CGI security Arturo Busleiman (Sep 14)
- Multiple vulnerabilities in CDE Job de Haas (Sep 13)
- Re: Multiple vulnerabilities in CDE Troy A. Bollinger (Sep 13)
- Re: Multiple vulnerabilities in CDE Dan Astoorian (Sep 14)
- Vulnerability in dtspcd Job de Haas (Sep 13)
- Solaris 2.7 /usr/bin/mail Brock Tellier (Sep 13)
- Stack Shield 0.5 beta vendicator () USA NET (Sep 13)
- Re: Redhat 6.0 Password Issues Scott Manley (Sep 12)