Bugtraq
mailing list archives
Re: ePerl: bad handling of ISINDEX queries
From: pimlott () ABEL MATH HARVARD EDU (Andrew Pimlott)
Date: Wed, 8 Jul 1998 12:27:14 -0400
On Mon, 6 Jul 1998, Tiago Luz Pinto wrote:
> (ePerl is an embedded Perl Interpreter for HTTP servers)
>
> * Description:
>   Incorrect Handling of ISINDEX queries (command line argument)
>   when ePerl runs as a nph-cgi/cgi.

I notified the author of a variant of this bug last summer (which he
fixed; see
http://www.engelschall.com/sw/eperl/distrib/eperl-SNAP/ChangeLog). I
honestly wouldn't trust eperl for a minute. These are very simple
mistakes.

> * Cause:
>   According to the CGI/1.1 specification, the HTTP
>   server executes CGIs, passing the ISINDEX field as a command
>   line argument. When ePerl runs and gets this argument
>   (argc > 1), it fails to set MODE_CGI, then tries to
>   open the argument for parsing/executing.
>   This can lead to arbitrary Perl code being executed on
>   the server.
>
> * Example:
>   http://foo.com/some/dir/doit.phtml?/home/ftp/incoming/executemycode.phtml
Andrew
"Do they give a Nobel Prize for attempted chemistry?"
- "Sideshow" Bob Terwilliger
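
The mode decision described under "Cause" above, shown beside a hardened form, as an added example that is not part of the original post and is not ePerl's code. `MODE_FILTER`, `struct decision` and both function names are hypothetical; the hardened check assumes the server sets the CGI/1.1 variables `GATEWAY_INTERFACE` and `PATH_TRANSLATED`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* MODE_CGI is the name used in the post; MODE_FILTER is a hypothetical
 * name for "run the file named on the command line". */
enum mode { MODE_FILTER, MODE_CGI };

struct decision {
    enum mode mode;
    const char *script;   /* file that would be parsed and executed */
};

/* Behaviour as the post describes it: any argument (argc > 1) prevents
 * CGI mode, and argv[1] becomes the file to open. Under a CGI server,
 * argv[1] is the ISINDEX query string chosen by the client. */
struct decision decide_vulnerable(int argc, char **argv, const char *path_translated)
{
    struct decision d;
    if (argc > 1) { d.mode = MODE_FILTER; d.script = argv[1]; }
    else          { d.mode = MODE_CGI;    d.script = path_translated; }
    return d;
}

/* Hardened: the server-set environment decides the mode. When
 * GATEWAY_INTERFACE announces CGI, argv is never used as a path. */
struct decision decide_hardened(int argc, char **argv,
                                const char *gateway_interface,
                                const char *path_translated)
{
    struct decision d;
    if (gateway_interface != NULL && strncmp(gateway_interface, "CGI/", 4) == 0) {
        d.mode = MODE_CGI;
        d.script = path_translated;   /* mapped by the server, not the query */
    } else {
        d.mode = MODE_FILTER;
        d.script = (argc > 1) ? argv[1] : NULL;
    }
    return d;
}

int main(int argc, char **argv)
{
    struct decision d = decide_hardened(argc, argv, getenv("GATEWAY_INTERFACE"),
                                        getenv("PATH_TRANSLATED"));
    printf("mode=%s script=%s\n", d.mode == MODE_CGI ? "CGI" : "filter",
           d.script ? d.script : "(none)");
    return 0;
}
```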