Home page logo
/

bugtraq logo Bugtraq mailing list archives

view-source
From: myst () LIGHT-HOUSE NET (myst)
Date: Sat, 8 Feb 1997 19:49:28 -0500


---------- Forwarded message from PLaGuEZ ----------
Date: Sat, 1 Jan 1994 04:01:53 +0100
From: PLaGuEZ <dube0866 () eurobretagne fr>
To: myst () light-house net


Hi.

I've just found a pretty ugly hole in view-source cgi-shell script.

   This script, which can be found  on some httpd distributions and
   in SCO Skunkware cdroms, is designed to display a given document
   located in $DOCUMENT_ROOT/$1 (where $DOCUMENT_ROOT is an
   environment variable set by the server).

Unhopefully view-source does not properly check the arguments.

   It is therefore possible to display any file on systems where
   view-source is world executable by sending something like

'http://www.server.com/cgi-bin/view-source?../../../../../../../etc/passwd&apos;



  Obviously this kind of so-called cgi has nothing to do in
  your cgi-bin directory... Maybe a day cgi will be secure ;)



Fix:
        rm -rf view-source
        _better_:   rm -rf cgi-bin/*



laters,


PLaGuEZ


-----------------------------------------------------
-          PLaGuEZ dube0866 () eurobretagne fr         -
-     http://home.virtual-pc.com/spartan/plaguez    -
-----------------------------------------------------



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]