Re: multiple vulnerabilities in un-cgi

From: Carlo Strozzi (carlosat_private)
Date: Wed Jul 18 2001 - 01:09:57 PDT

    On Tue, Jul 17, 2001 at 12:48:12PM +0200, Khamba Staring wrote:
     > 
     > 1. uncgi does no relative directory checking; this means anyone can
     >    execute any program on the remote system as the http user (to some
     >    extent, permission-wise of course) using the simple dot-dot-slash trick.
    
    Can you provide the exploit code please? I was not able to reproduce
    the problem. I've tried with things like ../ and %2E%2E%2F but neither
    worked, at least with Apache. All I get is the usual '404 Not Found' message.
    
    cheers,
    carlo
    -- 
    To display the message correctly please set the Courier font.
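
The relative-directory check that the quoted report says is missing could look like the following. This is an added example, not uncgi's code and not part of either message. It assumes the program name arrives already URL-decoded, as CGI PATH_INFO is; the function names and the script directory used with them are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not uncgi's code: returns 1 if `name` (the
 * program name taken from the request path, assumed already URL-decoded
 * by the web server) is a plain relative path that cannot leave the
 * script directory, 0 otherwise. */
int program_name_is_contained(const char *name)
{
    if (name == NULL || *name == '\0' || *name == '/')
        return 0;                       /* empty or absolute path */
    if (strchr(name, '\\') != NULL)
        return 0;                       /* accept one separator style only */

    const char *p = name;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");   /* length of this component */
        if (len == 0)
            return 0;                   /* empty component, e.g. "a//b" */
        if (len == 1 && p[0] == '.')
            return 0;                   /* "." component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;                   /* ".." component */
        p += len;
        if (*p == '/') {
            p++;
            if (*p == '\0')
                return 0;               /* trailing slash: not a file */
        }
    }
    return 1;
}

/* Builds "<dir>/<name>" into out only when the name passes the check.
 * Returns 0 on success, -1 on rejection or truncation. */
int build_program_path(const char *dir, const char *name,
                       char *out, size_t outlen)
{
    if (!program_name_is_contained(name))
        return -1;
    int n = snprintf(out, outlen, "%s/%s", dir, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}
```

The check is purely lexical, so a symlink inside the script directory can still point outside it; comparing the `realpath()` of the built path against the directory prefix before executing covers that case.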
    


