Bugtraq mailing list archives
MDMA Advisory #5: Reading of CGI Scripts under Savant Webserver
From: wizdumb () LEET ORG (Drew)
Date: Mon, 5 Jun 2000 10:34:07 +0200
MDMA Advisory #5 by Andrew Lewis aka. Wizdumb Reading of CGI Scripts under Savant Webserver It is possible to view the source of CGI scripts running under the Savant Webserver by omitting the HTTP version from your request. For example, we connect to port 80 of the server and type "GET /cgi-bin/mdma.bat HTTP/1.0" followed by two enters, and the results are as follows... ------------------------------------------------ HTTP/1.0 200 OK Pragma: no-cache Content-type: text/html Server: Savant phjeeeer ------------------------------------------------ However, if we just type "GET /cgi-bin/mdma.bat" followed by two enters, the results are as follows... ------------------------------------------------ @echo off rem CGI Script for demonstrating vulnerability echo phjeeeer ------------------------------------------------ The vendor has been contacted and a fix is in the pipeline. Greetz to everyone in MDMA, b0f, Vortexia, Blabber.Net's #hack, and everyone that knows me. Cheers, Andrew Lewis aka. Wizdumb PS. Savant is also affected by the /con/con bug - as if you were expecting otherwise ;-) --==--==--==--==-->> wizdumb () leet org www.mdma.za.net/fk
Current thread:
- Re: An Analysis of the TACACS+ Protocol and its Implementations Juan M. Courcoul (Jun 01)
- Re: An Analysis of the TACACS+ Protocol and its Implementations Eccentric (Jun 01)
- HP Security vulnerability in the man command Jason Axley (Jun 02)
- MDMA Advisory #5: Reading of CGI Scripts under Savant Webserver Drew (Jun 05)
- Re: HP Security vulnerability in the man command Theo de Raadt (Jun 05)
- Re: HP Security vulnerability in the man command Philipp Buehler (Jun 06)
- Password Generation during RH Linux 6.x Installation William R. Lorenz (Jun 07)
- Re: Password Generation during RH Linux 6.x Installation Fabian Kroenner (Jun 08)
- Re: HP Security vulnerability in the man command V. T. Mueller (Jun 07)
- HP Security vulnerability in the man command Jason Axley (Jun 02)
- Re: An Analysis of the TACACS+ Protocol and its Implementations Eccentric (Jun 01)