Penetration Testing mailing list archives
[PEN-TEST] /cgi-bin/htimage.exe vulnerability
From: "DonSata (ZekSata)" <zeksata () UNICRAFT COM>
Date: Fri, 15 Sep 2000 18:01:54 -0400
Hi all,

In the same manner I asked about the "Debug command on Sendmail" in a mail a couple of days ago (by the way... MANY THANKS!! to you all, it really helped me. =) ) I would like to take some time from you again, but in this opportunity referring to the /cgi-bin/htimage.exe vulnerability.

This is one that I also usually find in the wild. I have read about it, and wiped it from my servers. The deal is this... I have seen that in many sites, this flaw provides the ability of executing arbitrary commands on the remote host by an attacker, but have not seen any code or explanation of how this can be achieved. It seems that the only information available refers to the fact that it may return the web server's physical path or produces a buffer overflow in the affected system.

Does anybody have information about it?

Thanks to you all again!!

DonSata