Re: A couple NASLs for simple CGI traversals

From: sq (sqat_private)
Date: Fri Jan 04 2002 - 10:01:33 PST


    You can get the CGI dir by calling cgibin(), like... cgidir = cgibin();
    
    Yes, most of the plugins for UNIX CGI seem to look for /etc/passwd, and then parse for "root:". You could cut down on one 'if' by just looking for "root:". Also, the check for "0:0" may fail if root is any group besides 0.
    
    if("root:"><dataretrieved) { security_hole(port:port); } 
    
    
    
    Chris Sullo
    ____________________________________________________
    http://www.cirt.net/
    Default Passwords, Ports, SSIDs & more
    
    
    > Here are NASLs for the zml.cgi and the PHP Rocket Add-in directory traversals.
    > 
    > Is there a KB item for the name of the cgi-bin directory?
    > 
    > Also, for directory traversals is there a standard file to check for on Unix boxes?  (In these two nasls I just use /etc/passwd and grep for root: and :0:0: to verify that it's actually /etc/passwd)
    > 
    > -- 
    > ^Drew
    > 
    > http://guh.nu
    > 
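
Added example, not part of the original thread and not NASL plugin code: a Python comparison of the two response checks discussed above ("root:" alone, and "root:" plus ":0:0:") against a stricter whole-line match, which is an addition here. The function names and the sample response bodies are constructed for illustration.

```python
import re

# One /etc/passwd record has 7 colon-separated fields:
#   name:password:uid:gid:gecos:home:shell
# Require name "root" and uid 0, but accept any numeric gid.
ROOT_ENTRY = re.compile(
    r"^root:[^:\n]*:0:\d+:[^:\n]*:[^:\n]*:[^:\n]*$", re.MULTILINE
)


def substring_check(body):
    """Check from the reply: "root:" anywhere in the response."""
    return "root:" in body


def uid_gid_zero_check(body):
    """Check from the quoted message: "root:" and ":0:0:" both present."""
    return "root:" in body and ":0:0:" in body


def passwd_line_check(body):
    """Stricter check (assumption of this example): a full root record line."""
    return ROOT_ENTRY.search(body.replace("\r\n", "\n")) is not None


# Constructed response bodies, not captured from any real host.
SAMPLES = {
    "typical": "root:x:0:0:root:/root:/bin/sh\nbin:x:1:1:bin:/bin:/sbin/nologin\n",
    "root_gid_1": "root:x:0:1:Super-User:/:/sbin/sh\ndaemon:x:1:1::/:\n",
    "error_page": "<html><body>Error: document root: /var/www unreadable</body></html>",
}


def evaluate():
    """Return {sample: (substring, uid_gid_zero, passwd_line)} for each body."""
    return {
        name: (substring_check(b), uid_gid_zero_check(b), passwd_line_check(b))
        for name, b in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{name:12} substring={result[0]} uid_gid_zero={result[1]} line={result[2]}")
```

The ":0:0:" check misses the sample where root's group is not 0, and the bare substring also fires on an error page that merely contains "root:"; the whole-line match handles both cases.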
    


