Re: PerlCal (CGI) show files vulnerability

From: Stan (stanat_private)
Date: Sun Apr 29 2001 - 01:01:41 PDT

    Nope... a query string like p0=../../../../../../../../../../bin/ls|%00
    doesn't work.
    
    With regards,
    
    Stan
    
    At 09:01 29-4-2001 +0300, you wrote:
    >Yeah, but you can't execute commands, right?
    >like:
    >http://www.VULNERABLE.com/cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../bin/ls%20/%00
    >or something,
    >this cannot be done... right?
    



    This archive was generated by hypermail 2b30 : Sun Apr 29 2001 - 12:03:57 PDT