On Sun, Jun 23, 2002 at 03:03:13PM +0100, Filipe Jorge Marques de Almeida wrote: > Don't forget this is not a serious vulnerability in many configurations (if the > user already has permission to run cgi scripts without suexec, SSI, etc). > > On Sat, Jun 22, 2002 at 09:27:48PM -0400, Michal Zalewski wrote: > > Check out what you get - file descriptors and other goodies - and perhaps > > it is a good time to cc: bugtraq or at least Apache guys?;-) > > -- > Filipe Almeida imho it's serious for freeweb providers, they become a freeshell providers ;) not mentioning that you can play a bit with port 80 socket, pernamently killing all childs to put your child for some use. defacing whole webserver, web sniffing IS possible. -- _ __/| \'X.X' sd@ircnet =(___)= http://sd.g-art.nl U
This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 21:41:08 PDT