Vulnerability Development mailing list archives
CGI insecurities
From: hypoclear () JUNGLE NET (hypoclear - lUSt - (Linux Users Strike Today))
Date: Mon, 24 Jan 2000 04:52:35 -0000
I have a question about CGI insecurities. Let's suppose this... Your looking at a site with some CGI forms that do a couple of neato things, and most likely there is a vulnerability in these scripts. How would one go about exploiting these scripts? (I'm not talking about pumping 1000 A's into it, till it crashes. ;-) Do you need the source code for the script? Is there anyway to retrieve the code of the working script on the site? I'm posting to vuln-dev because I believe that it will help aid in the exploiting of CGI scripts... of course I could be wrong :-)
Current thread:
- Re: Generalized List of Threats and Vulnerabilities, (continued)
- Re: Generalized List of Threats and Vulnerabilities Seth R Arnold (Jan 21)
- Re: Generalized List of Threats and Vulnerabilities Crispin Cowan (Jan 23)
- Re: Generalized List of Threats and Vulnerabilities John Duksta (Jan 21)
- Administrivia #5218 Blue Boar (Jan 21)
- Re: Administrivia #5218 Imran Ghory (Jan 22)
- Re: Administrivia #5218 kjkotas (Jan 22)
- Re: Administrivia #5218 Granquist, Lamont (Jan 24)
- Re: Administrivia #5218 Bob Fiero (Jan 22)
- bruterh.sh & syslogd & [g]libc & proftpd & wu-ftpd & sendmail Michal Zalewski (Jan 23)
- things to break.. Inedag () AOL COM (Jan 23)
- CGI insecurities hypoclear - lUSt - (Linux Users Strike Today) (Jan 23)
- HTTP scanners? Scorpus Kahn (Jan 15)
- Re: HTTP scanners? Seth R Arnold (Jan 24)
- Re: CGI insecurities David Taylor (Jan 23)
- Re: CGI insecurities Blue Boar (Jan 23)
- Re: things to break.. Matthew S. Hallacy (Jan 23)
- Re: things to break.. Jeff Bachtel (Jan 23)
- Re: things to break.. Matt Conover (Jan 24)
- Re: things to break.. Jordan Ritter (Jan 25)
- Re: things to break.. WHiTe VaMPiRe (Jan 24)
- Re: things to break.. Jordan Ritter (Jan 25)