Mailer: SecurityFocus

All,

I'm currently pen-testing a client's web-application running on IIS 4 & 5. They have implemented the logic in their website using CGI scripts written in Python.

When addressing a non-existent CGI script in the /cgi-bin folder (or other executable folders that contain CGIs), the webserver reveals the physical path of both the Python interpreter and the non-existent cgi-script. The output looks somewhat like:

<c:\program files\python\python.exe: can't open file 'c:\inetpub\wwwroot\cgi-bin\fakefile.cgi'>

Has anyone experienced this, and has anyone figured out which versions of the Python interpreter are vulnerable to this?

In addition, with some playing around with other characters in the URL preceding the fake cgi, like /cgi-bin/""test&20fakefile.cgi, the resulting output turns:

<c:\program files\python\python.exe: can't open file 'c:\inetpub\wwwroot\cgi-bin\test'>

Interesting... (could this be exploited further, to have the interpreter execute other stuff?)

I've harvested various newsgroups for references to these issues, though without success.

Any help or input greatly appreciated.

Cheers,
Kristian
kristian.franzenat_private
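For defenders checking whether their own server leaks paths this way, the following is an added example, not part of the original post: it scans HTTP response bodies for the interpreter error quoted above and for any other Windows absolute path, and includes a redaction filter for error pages. The function names and sample responses are constructed for illustration.

```python
import re

# One path component: anything except path separators and characters that are
# illegal in Windows file names (spaces are legal, as in "program files").
_COMPONENT = r"[^\\/:*?\"<>|'\r\n]+"
# A Windows absolute path: drive letter, then backslash-separated components.
WIN_PATH = re.compile(r"(?<![A-Za-z])[A-Za-z]:\\(?:%s\\)*%s" % (_COMPONENT, _COMPONENT))
# The interpreter's "can't open file" message in the form quoted in the post.
OPEN_ERR = re.compile(r"(?P<interp>%s): can't open file '(?P<script>%s)'"
                      % (WIN_PATH.pattern, WIN_PATH.pattern))


def find_disclosures(body):
    """Return (kind, path) pairs for every physical path leaked in body."""
    findings, seen = [], set()
    for m in OPEN_ERR.finditer(body):
        for kind in ("interp", "script"):
            findings.append((kind, m.group(kind)))
            seen.add(m.span(kind))
    # Any other absolute path (tracebacks, custom error pages) is still a leak.
    for m in WIN_PATH.finditer(body):
        if m.span() not in seen:
            findings.append(("path", m.group().rstrip()))
    return findings


def redact(body):
    """Strip physical paths from an error body before it is sent to a client."""
    return WIN_PATH.sub("[path removed]", body)


def audit(responses):
    """Map each URL to its findings, skipping responses that leak nothing."""
    results = {}
    for url, body in responses:
        found = find_disclosures(body)
        if found:
            results[url] = found
    return results


# Constructed sample responses (URL, body) modelled on the output in the post.
SAMPLES = [
    ("/cgi-bin/fakefile.cgi", r"<c:\program files\python\python.exe: can't open "
                              r"file 'c:\inetpub\wwwroot\cgi-bin\fakefile.cgi'>"),
    ("/cgi-bin/real.cgi", "<html><body>OK</body></html>"),
]

if __name__ == "__main__":
    for url, found in audit(SAMPLES).items():
        print(url, found)
```
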
This archive was generated by hypermail 2b30 : Fri Oct 12 2001 - 06:47:49 PDT