Hi... At 09:43 12.10.01 -0000 you wrote: ---8<--------------------8<--------------------8<-------------------- ->When addressing a non-existent CGI script in the /cgi- ->bin folder (or other executable folders that contain ->CGI's) the webserver reveals the physical path of ->both the Python interpreter as well as the non- ->existent cgi-script. -> ->The output looks somewhat like: -> -><c:\program files\python\python.exe: can't open ->file 'c:\inetpub\wwwroot\cgi-bin\fakefile.cgi'> ---8<--------------------8<--------------------8<-------------------- Not python, it's IIS. Compare: http://www.securiteam.com/exploits/2XUPRRFQAG.html http://home.cyberarmy.com/kaladis/files/cgi-bugs.html greetings, jo +-------------------------------------------------------------------+ | __ __ __ __ _ _ It ain't over 'till it's Joerg Over... | | / _ \ V / -_) '_/ | | \___/\_/\___|_| | +-------------------------------------------------------------------+ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Oct 12 2001 - 12:23:46 PDT