Vulnerability Development mailing list archives
Re: CGI source being exposed using "~"
From: bri () IFOKR ORG (Brian Hatch)
Date: Sun, 7 May 2000 20:25:03 -0500
This problem allows anyone to view and download the source for any of the CGI scripts on their site. All that I did was put a tilde "~" at the end of the URL to the CGI, and it popped up with the CGI source code, and some images etc., which the code references within. None of it is formatted when you first view it. However, if you just view the source of the page, right there in front of you is the entire source code for the Perl CGI script.
It's likely that they're editing the program in that directory, and their editor is saving a backup copy each time they open it. Given the '~', it's likely they're using emacs. Not a webserver problem, just an oversight by whoever is writing/maintaining the scripts.

--
Brian Hatch
Systems and Security Engineer
http://www.ifokr.org/bri
Whoa. Wrong book.
Every message PGP signed
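A check a site maintainer could run for the oversight described in this message, as an added example that is not part of the original post. It goes beyond the `~` case to other common editor and backup suffixes; the function names and the sample file names are constructed for illustration.

```python
import os
import re
import tempfile

# Editor/backup naming patterns; each captures the name of the original file.
BACKUP_PATTERNS = [
    ("emacs backup", re.compile(r"^(?P<orig>.+)~$")),
    ("emacs autosave", re.compile(r"^#(?P<orig>.+)#$")),
    ("vim swap", re.compile(r"^\.(?P<orig>.+)\.sw[a-p]$")),
    ("generic backup", re.compile(r"^(?P<orig>.+)\.(?:bak|orig|old)$")),
]

def find_backup_files(docroot):
    """Return sorted (relative_path, kind, shadows_live_file) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        present = set(files)
        for name in files:
            for kind, pattern in BACKUP_PATTERNS:
                m = pattern.match(name)
                if m:
                    rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                    # True when the script the copy was made from sits beside it.
                    findings.append((rel, kind, m.group("orig") in present))
                    break
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample docroot (hypothetical file names)."""
    cgi = os.path.join(root, "cgi-bin")
    os.makedirs(cgi)
    for name in ("search.pl", "search.pl~", "#form.pl#", ".login.pl.swp", "index.html"):
        with open(os.path.join(cgi, name), "w") as fh:
            fh.write("#!/usr/bin/perl\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, kind, live in find_backup_files(build_sample_tree(tmp)):
            note = "copy of a live script" if live else "orphaned copy"
            print(f"{rel}: {kind} ({note})")
```

Files it reports belong outside the served tree; editing scripts elsewhere and deploying only the finished file avoids creating them in the first place.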