Re: test-cgi - Re: HTTP REQUEST METHOD flaw

From: Dr. Mudge (mudgeat_private)
Date: Fri Jan 15 1999 - 09:31:26 PST

Next message: Siva Sankar Adiraju: "Lotus Notes SMTP Server bug"

Previous message: //Stany: "Re: Checking for most recent Solaris Security Patches"
Maybe in reply to: monti: "test-cgi - Re: HTTP REQUEST METHOD flaw"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I believe the original test-cgi problem was first publicly posted via a
L0pht Security Advisory in 1996. It also mentioned that several of the
variables were under user control.

Just for the record :)

.mudge

On Thu, 14 Jan 1999, Peter van Dijk wrote:

> A paper I wrote somewhere in 1997(!) notes that CONTENT_TYPE, CONTENT_LENGTH,
> HTTP_ACCEPT, HTTP_REFERER, PATH_INFO, PATH_TRANSLATED, QUERY_STRING,
> REQUEST_METHOD and SERVER_PROTOCOL are under control of the user.
>
> If you control your reverse and forward DNS, you could also theoretically
> control REMOTE_HOST.
>
> Greetz, Peter.
> --
> <squeezer> AND I AM GONNA KILL MIKE                |          Peter van Dijk
> <squeezer> hardbeat, als je nog nuchter bent:      | peterat_private
> <squeezer>   @date = localtime(time);              |  realtime security d00d
> <squeezer>   $date[5] += 2000 if ($date[5] < 37);  |
> <squeezer>   $date[5] += 1900 if ($date[5] < 99);  |        * blah *
>

Next message: Siva Sankar Adiraju: "Lotus Notes SMTP Server bug"
Previous message: //Stany: "Re: Checking for most recent Solaris Security Patches"
Maybe in reply to: monti: "test-cgi - Re: HTTP REQUEST METHOD flaw"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:28:57 PDT