Re: Questions

From: sq (sqat_private)
Date: Sat Dec 29 2001 - 08:45:42 PST


    Having too many "../" in a path should not be a problem, since on a Unix host the "lowest" you can get is just "/".
    
    So if I'm in "/tmp" and execute "cd ../../../../"  I am now in "/", just as if I'd only typed  "cd ..".  Having a bunch of "../" items in the path SHOULD ensure we end up back in / (no matter where we started) for any check, without having to test the CGI multiple times.
    
    Is there any file that exists on all versions of Windows that could be tested for?  That would certainly add some efficiency to a number of CGI checks.
    
    -Chris
    
    
    > Can we really expect
    > the same directory structure everywhere?
    >
    > "string(cgibin,"/apexec.pl?etype=odp&template=../../../../../../../../../etc/passwd%00.html&passurl=/category/")"
    > (anaconda.nasl, htmlscript.nasl, ...)
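Added example, not part of the original message or of the Nessus plugins: the root-clamping behaviour described above, plus the server-side containment check that rejects such a `template` value no matter how many "../" it carries. `TEMPLATE_ROOT`, `collapse` and `resolve_template` are hypothetical names chosen for illustration.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical template directory for the CGI; an assumption, not from the message.
TEMPLATE_ROOT = "/var/www/templates"


def collapse(start_dir, relative):
    """Lexically resolve `relative` from `start_dir`, as a Unix path walk would.

    ".." applied at "/" stays at "/", so surplus "../" components are harmless.
    """
    return posixpath.normpath(posixpath.join(start_dir, relative))


def resolve_template(raw_param, root=TEMPLATE_ROOT):
    """Return the absolute path for a template parameter, or None if rejected."""
    name = unquote(raw_param)  # undo %XX encoding, as the web server would
    if "\x00" in name:
        # A NUL byte would cut off a trailing ".html" in C-backed file opens.
        return None
    candidate = posixpath.normpath(posixpath.join(root, name))
    # Containment: after normalization the path must still sit under root.
    # This is lexical only; a deployment with symlinks needs realpath as well.
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs.
    print(collapse("/tmp", "../../../../"))   # same result as a single ".."
    print(collapse("/tmp", ".."))
    print(resolve_template("news/index.html"))
    print(resolve_template("../../../../../../../../../etc/passwd%00.html"))
```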
    



    This archive was generated by hypermail 2b30 : Sat Dec 29 2001 - 08:47:18 PST