Vulnerability Development mailing list archives

Re: FW: Serious Hole in Comment/Discussion CGI Script


From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Fri, 27 Oct 2000 21:29:10 +0200

Well I tried the nullbyte/%00 trick and it was a no go. And no the script
does not parse out metacharacters

But wait a second... No it won't work, because the script doesn't seem to
do "toAscii" conversion. Tried sending a raw zero, ascii 0? If the
operating system the script is used on doesn't allow it in environment, it
should work. Only I suspect most C-based operating systems will choke on
null in environments, so quite likely the bug remains theoretical.

Happy hunting in the bugtracking :)

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

             http://www.eff.org/cafe
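
The point made in the message above, shown from the defender's side as an added example that is not part of the original post: a raw NUL cannot survive a C environment string, and a CGI decoder can refuse to turn `%00` into one. The function names, the `DEMO_QUERY` variable and the sample inputs are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L  /* for setenv() */
#endif
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Store `raw` in the environment and return how many bytes a reader gets
 * back. setenv() takes no length, so the value ends at the first NUL. */
size_t env_visible_len(const char *name, const char *raw)
{
    if (setenv(name, raw, 1) != 0)
        return (size_t)-1;
    const char *v = getenv(name);
    return v ? strlen(v) : (size_t)-1;
}

/* Percent-decode src into dst. Returns the decoded length, or -1 on a
 * malformed escape, on overflow, or if the result would contain a NUL. */
int url_decode_reject_nul(const char *src, unsigned char *dst, size_t dst_cap)
{
    size_t n = 0;
    for (size_t i = 0; src[i] != '\0'; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c == '%') {
            if (!isxdigit((unsigned char)src[i + 1]) ||
                !isxdigit((unsigned char)src[i + 2]))
                return -1;
            char hex[3] = { src[i + 1], src[i + 2], '\0' };
            c = (unsigned char)strtol(hex, NULL, 16);
            i += 2;
        }
        if (c == '\0' || n >= dst_cap)
            return -1;
        dst[n++] = c;
    }
    return (int)n;
}

int main(void)
{
    const char raw[] = "comment.txt\0.html";  /* constructed sample with a raw NUL */
    unsigned char out[64];
    printf("env sees %zu of %zu bytes\n", env_visible_len("DEMO_QUERY", raw), sizeof raw - 1);
    printf("%%00 form decodes to: %d\n", url_decode_reject_nul("comment.txt%00.html", out, sizeof out));
    printf("clean form decodes to: %d\n", url_decode_reject_nul("comment%2Etxt", out, sizeof out));
    return 0;
}
```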

