Hi everybody,

I just looked through some scans, and I found one problem over and over again: Is it really a good practice to write code like this? Can we really expect the same directory structure everywhere?

"string(cgibin,"/apexec.pl?etype=odp&template=../../../../../../../../../etc/passwd%00.html&passurl=/category/")"
(anaconda.nasl, htmlscript.nasl, ...)

SuSE 7:
/usr/local/httpd/cgi-bin
/usr/local/httpd/htdocs

Redhat 5:
/home/httpd/cgi-bin
/home/httpd/html

Redhat 7:
/var/www/cgi-bin
/var/www/html

Debian:
/var/www/
/usr/lib/cgi-bin/

Not to mention webhoster configs like:
/homepages/d/www.dee.com/htdocs

I hope you see what I mean - I suggest at least 4-5 variations (../, ../../, etc).

Another problem is the trigger for some Windows scans. I don't think we should look for "c:\windows" - I suggest c:\boot.ini for WinNT/2K/XP and c:\autoexec.bat for Win9x/ME.

Examples:
idq_dll.nasl: "/query.idq?CiTemplate=../../../../../winnt/win.ini";
Won't work with Windows XP (windows/win.ini)

Other opinions?

Regards,
Felix Huber

-------------------------------------------------------
Felix Huber, Security Consultant, Webtopia
Guendlinger Str.2, 79241 Ihringen - Germany
huberfelixat_private
(07668) 951 156 (phone)
http://www.webtopia.de
(07668) 951 157 (fax)
(01792) 205 724 (mobile)
-------------------------------------------------------
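An added example, not part of the original message or of the Nessus plugins: a plugin author can compute how many `../` steps each directory listed in the message needs to reach the filesystem root, and which layouts a fixed-depth check would miss. It assumes the CGI resolves the path relative to the listed directory and that the path is normalised POSIX-style; the function names are illustrative.

```python
import posixpath

# Directories quoted in the message (cgi-bin and document roots).
BASE_DIRS = {
    "SuSE 7": ["/usr/local/httpd/cgi-bin", "/usr/local/httpd/htdocs"],
    "Redhat 5": ["/home/httpd/cgi-bin", "/home/httpd/html"],
    "Redhat 7": ["/var/www/cgi-bin", "/var/www/html"],
    "Debian": ["/var/www/", "/usr/lib/cgi-bin/"],
    "webhoster": ["/homepages/d/www.dee.com/htdocs"],
}
TARGET = "etc/passwd"  # file the check looks for, relative to "/"


def resolve(base_dir, depth, target=TARGET):
    """Path reached by `depth` '../' steps plus target, starting in base_dir.

    Assumption: POSIX semantics, where '..' at '/' stays at '/'.
    """
    return posixpath.normpath(posixpath.join(base_dir, "../" * depth + target))


def min_depth(base_dir, target=TARGET):
    """Smallest number of '../' steps that reaches /target from base_dir."""
    depth = 0
    while resolve(base_dir, depth, target) != "/" + target:
        depth += 1
    return depth


def missed_by(depth):
    """Layouts where at least one listed directory is not covered by depth."""
    return sorted(
        name
        for name, dirs in BASE_DIRS.items()
        if any(resolve(d, depth) != "/" + TARGET for d in dirs)
    )


if __name__ == "__main__":
    for name, dirs in BASE_DIRS.items():
        for d in dirs:
            print(f"{name:10} {d:35} needs {min_depth(d)} x '../'")
    for depth in (2, 3, 4, 8):
        print(f"depth {depth} misses: {missed_by(depth) or 'none'}")
```

Under these assumptions, surplus `../` steps are absorbed at the root, so the required depth is a lower bound rather than an exact match.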
This archive was generated by hypermail 2b30 : Sat Dec 29 2001 - 08:28:34 PST