Active Perl path reveal

From: antoan miroslavov (shalteraat_private)
Date: Sat Dec 29 2001 - 10:53:39 PST

Next message: David LeBlanc: "RE: Too much misleading advice on the Universal Plug-and-Play security hole"

Previous message: Matthew Caron: "Re: Too much misleading advice on the Universal Plug-and-Play security hole"
Next in thread: alan fong: "Re: Active Perl path reveal"
Reply: alan fong: "Re: Active Perl path reveal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) I recently found this exploit in Active Perl for Windows.If you request name with .pl extension which doesn't exist in CGI-BIN Perl Interpreter returns an error: CGI Error The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are: Can't open perl script "C:\Inetpub\wwwroot\cgi- bin\link1s.pl": No such file or directory Antoan Miroslavov

Next message: David LeBlanc: "RE: Too much misleading advice on the Universal Plug-and-Play security hole"
Previous message: Matthew Caron: "Re: Too much misleading advice on the Universal Plug-and-Play security hole"
Next in thread: alan fong: "Re: Active Perl path reveal"
Reply: alan fong: "Re: Active Perl path reveal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Dec 29 2001 - 11:46:00 PST