Bugtraq mailing list archives

IIS doesn't check existence of local file before calling CGI
From: 3APA3A () SECURITY NNOV RU (3APA3A)
Date: Tue, 29 Feb 2000 22:12:11 +0300


Hello,

  There is another way to retrieve a full path to local files in IIS4:

  If there is an external CGI application configured for some file type
  and this application doesn't produce correct HTTP headers, IIS
  generates an error with the output of the application (both stdout and
  stderr). The problem is that IIS doesn't check the existence of the
  requested file before calling the CGI application.

  For example, if perl is configured as an external CGI program for .pl
  files and a user requests a nonexistent .pl file
  (http://www.somehost.com/nonexistant.pl), IIS calls perl with
  nonexistant.pl and generates the error message:

"<head><title>Error in CGI Application</title></head>
<body><h1>CGI Error</h1>The specified CGI application misbehaved by not
returning a complete set of HTTP headers.  The headers it did return
are:<p><p><pre>Can't open perl script
"d:\inetpub\wwwroot\present\security\nonexistant.pl":
No such file or directory
</pre>"

http://www.security.nnov.ru
         /\_/\
        { . . }     |\
+--oQQo->{ ^ }<-----+ \
|  3APA3A  U  3APA3A   }
+-------------o66o--+ /
                    |/
X5O!P% () AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
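
A check a server owner could run over captured response bodies to spot this leak, added here as an example and not part of the original message. The function names and the redaction placeholder are assumptions; the sample body is the error page quoted in the message.

```python
import re

# Fixed text IIS puts in front of the CGI program's raw output (see the quoted error page).
CGI_ERROR_MARKER = "The specified CGI application misbehaved"
PRE_BLOCK = re.compile(r"<pre>(.*?)</pre>", re.IGNORECASE | re.DOTALL)
# Absolute Windows paths: drive-letter (d:\dir\file) or UNC (\\host\share\file).
WINDOWS_PATH = re.compile(r"(?:[A-Za-z]:\\|\\\\)[^\s\"'<>|*?]+")

# Error body taken from the message above. Raw string, so "\n" in
# "security\nonexistant.pl" stays a backslash followed by "n".
SAMPLE = r'''<head><title>Error in CGI Application</title></head>
<body><h1>CGI Error</h1>The specified CGI application misbehaved by not
returning a complete set of HTTP headers.  The headers it did return
are:<p><p><pre>Can't open perl script
"d:\inetpub\wwwroot\present\security\nonexistant.pl":
No such file or directory
</pre>'''


def leaked_paths(body: str) -> list[str]:
    """Return absolute local paths exposed inside an IIS 'CGI Error' page."""
    if CGI_ERROR_MARKER not in body:
        return []  # not the CGI error template, nothing to report
    found = []
    for block in PRE_BLOCK.findall(body):
        for match in WINDOWS_PATH.findall(block):
            path = match.rstrip(".,:;")  # drop trailing punctuation of unquoted paths
            if path and path not in found:
                found.append(path)
    return found


def redact(body: str) -> str:
    """Replace each leaked directory with a placeholder, keeping the file name."""
    for path in leaked_paths(body):
        name = path.rsplit("\\", 1)[-1]
        body = body.replace(path, "[path removed]\\" + name)
    return body


if __name__ == "__main__":
    for p in leaked_paths(SAMPLE):
        print("local path disclosed:", p)
    print(redact(SAMPLE))
```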

