On Sun, Sep 12, 1999 at 09:57:35AM -0500, Kerb wrote:
> I just read most of the Phrack article about CGI security, and it made me
> wonder about another possible exploit.
> You'll have to correct me if I am wrong, as I am not real familiar with C, but
> would it be possible to throw an EOF
> character into a string? Maybe a query string? Now that doesn't sound all that
> great as is, but if you think about it,
> URLs are logged into the web logs, and a lot of administrators either have a
> program or just grep the access_log for
> attempts to exploit CGI vulnerabilities (scanners, etc). Now this is where it
> gets good. Would it be possible to
> tack an EOF file into a query string on a normal request, even for a static
> page (/index.html?EOF), then follow up
> with an exploit? That way, if it works as I think it might, then when the log
> file is checked, it finds that EOF character
> and stops there, thinking it is the end of the file. That would effectively
> cover your tracks. As a CGI programmer,
> I'd appreciate any feedback.
>

EOF characters don't exist (at least not on Un*x) - a file ends when all
of its bytes have been read.

Ivo
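
The point of the reply, as an added example in C that is not part of the original thread: `EOF` is the out-of-band value `fgetc()` returns once the bytes run out, so Ctrl-D (0x04) or Ctrl-Z (0x1A) bytes in a logged query string are ordinary data and a scan continues to the later request. The sample log lines, the `/cgi-bin/example.cgi` path and the names `scan_log` and `scan_sample` are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: request 1 carries Ctrl-D (0x04) and Ctrl-Z (0x1A)
   bytes in its query string; request 2 is the one a reviewer greps for. */
static const char SAMPLE_LOG[] =
    "10.0.0.5 - - [12/Sep/1999:09:57:35 -0500] \"GET /index.html?\x04\x1a HTTP/1.0\" 200 512\n"
    "10.0.0.5 - - [12/Sep/1999:09:57:36 -0500] \"GET /cgi-bin/example.cgi?x=1 HTTP/1.0\" 404 210\n";

struct scan_result { long bytes; int lines; int ctrl_bytes; int hits; };

/* Read the stream to its real end, counting control bytes and needle hits. */
static struct scan_result scan_log(FILE *fp, const char *needle)
{
    struct scan_result r = {0, 0, 0, 0};
    char line[1024];
    size_t len = 0;
    int c;  /* int, not char: EOF is an out-of-band return value, not a byte */

    while ((c = fgetc(fp)) != EOF) {
        int ctrl = (c < 0x20 && c != '\n' && c != '\t') || c == 0x7f;
        r.bytes++;
        r.ctrl_bytes += ctrl;          /* worth flagging in a request line */
        if (c != '\n') {
            if (len < sizeof line - 1)
                line[len++] = ctrl ? '?' : (char)c;  /* keeps NUL from cutting the line */
            continue;
        }
        line[len] = '\0';
        r.lines++;
        r.hits += strstr(line, needle) != NULL;
        len = 0;
    }
    if (len > 0) {                     /* final line without a newline */
        line[len] = '\0';
        r.lines++;
        r.hits += strstr(line, needle) != NULL;
    }
    return r;
}

/* Write the constructed log to a temporary file and scan it. */
static struct scan_result scan_sample(void)
{
    struct scan_result r = {-1, 0, 0, 0};
    FILE *fp = tmpfile();
    if (!fp) return r;
    fwrite(SAMPLE_LOG, 1, sizeof SAMPLE_LOG - 1, fp);
    rewind(fp);
    r = scan_log(fp, "/cgi-bin/");
    fclose(fp);
    return r;
}
```

Counting control bytes per request line gives a log reviewer a cheap signal that a request carried unprintable data, independent of whether any signature matched.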
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:03:20 PDT