Kristian, Maybe you can try to write your own cgi script in which you use the python interpreter of the server , you know the exact path now. Link this to a local html page and execucte your code on the remote machine. Good luck, Marco Kristian Franzen wrote: > Mailer: SecurityFocus > > All, > > I'm currently pen-testing a clients web-application > running on IIS 4 & 5. They have implemented the > logic in their website using CGI scripts written in > Python. > > When addressing a non-existent CGI script in the /cgi- > bin folder (or other executable folders that contain > CGI's) the webserver reveals the physical path of > both the Python interpreter as well as the non- > existent cgi-script. > > The output looks somewhat like: > > <c:\program files\python\python.exe: can't open > file 'c:\inetpub\wwwroot\cgi-bin\fakefile.cgi'> > > Has anyone experienced this,and has anyone figured > out which versions of the Python interpreter that are > vulnerable to this ? > > In addition, with some playing around with other > characters in the URL preceeding the fake cgi, > like /cgi-bin/""test&20fakefile.cgi, the resulting output > turns: > > <c:\program files\python\python.exe: can't open > file 'c:\inetpub\wwwroot\cgi-bin\test'> > > Interesting... (could this be exploited furhter, to have > the interpreter execute other stuff ?) > > I've harvetsted various newsgroups for references to > these issues, though without success. > > Any help or input greately appreciated. > > Cheers, > > Kristian > kristian.franzenat_private > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Wed Oct 24 2001 - 10:29:27 PDT