Bugtraq mailing list archives
Re: emumail.cgi
From: merlyn () stonehenge com (Randal L. Schwartz)
Date: 09 Apr 2002 12:14:17 -0700
"MegaHz" == MegaHz <admin () cyhackportal com> writes:
MegaHz> u can also do this: MegaHz> http://site/emumail.cgi?type=/../../../../../etc/passwd%00 MegaHz> but u cannot do this: MegaHz> http://site/emumail.cgi?type=/../../../../../bin/ls%20/%00 It's Perl, so I bet they didn't check for pipe symbols at the beginning and ending either. That can launch things. I wish people who write Perl code for the net would at *least* read the Perl Web Security FAQ *at a minimum*, or hire an outside Perl company (like Stonehenge :) to vet the code. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <merlyn () stonehenge com> <URL:http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
Current thread:
- emumail.cgi acidneo (Apr 04)
- Re: emumail.cgi Tom Micklovitch (Apr 05)
- Re: emumail.cgi, one more local vulnerability (not verified) Leif Jakob (Apr 10)
- <Possible follow-ups>
- Re: emumail.cgi N|ghtHawk (Apr 05)
- Re: emumail.cgi MegaHz (Apr 08)
- Re: emumail.cgi Randal L. Schwartz (Apr 09)
- Re: emumail.cgi MegaHz (Apr 08)