
List:       bugtraq
Subject:    IIS doesn't check existence of local file before calling CGI
From:       3APA3A <3APA3A () SECURITY ! NNOV ! RU>
Date:       2000-02-29 19:12:11

Hello,

  There is another way to retrieve the full path to local files in
  IIS4:

  If an external CGI application is configured for some file type
  and this application doesn't produce correct HTTP headers, IIS
  generates an error with the output of the application (both stdout
  and stderr). The problem is that IIS doesn't check the existence of
  the requested file before calling the CGI application.

  For example, if perl is configured as an external CGI program for .pl
  files and a user requests a nonexistent .pl file
  (http://www.somehost.com/nonexistant.pl), IIS calls perl with
  nonexistant.pl and generates the error message:


"<head><title>Error in CGI Application</title></head>
<body><h1>CGI Error</h1>The specified CGI application misbehaved by not
returning a complete set of HTTP headers.  The headers it did return
are:<p><p><pre>Can't open perl script
"d:\inetpub\wwwroot\present\security\nonexistant.pl":
No such file or directory
</pre>"


http://www.security.nnov.ru
         /\_/\
        { . . }     |\
+--oQQo->{ ^ }<-----+ \
|  3APA3A  U  3APA3A   }
+-------------o66o--+ /
                    |/
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
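
Added example (not part of the original post): a Python check that a defender can run over captured HTTP response bodies to flag the IIS "CGI Error" page described above when it echoes a local file path. The function names and regular expressions are assumptions of this example; the sample body is the error output quoted in the message.

```python
import html
import ntpath
import re

# Text IIS puts in front of output from a CGI that sent no valid HTTP headers.
CGI_ERROR_MARKER = "The specified CGI application misbehaved"
# IIS echoes whatever the CGI wrote (stdout and stderr) inside <pre>...</pre>.
PRE_BLOCK = re.compile(r"<pre>(.*?)</pre>", re.IGNORECASE | re.DOTALL)
# Windows absolute paths: drive form (d:\dir\file) or UNC (\\host\share\file).
WINDOWS_PATH = re.compile(r'(?:[A-Za-z]:\\|\\\\[^\\/:*?"<>|\s]+\\)[^:*?"<>|\r\n]*')

# Sample body: the error output quoted in the message above.
SAMPLE_RESPONSE = r"""<head><title>Error in CGI Application</title></head>
<body><h1>CGI Error</h1>The specified CGI application misbehaved by not
returning a complete set of HTTP headers.  The headers it did return
are:<p><p><pre>Can't open perl script
"d:\inetpub\wwwroot\present\security\nonexistant.pl":
No such file or directory
</pre>"""


def leaked_paths(body):
    """Return local paths echoed by an IIS 'CGI Error' page, or [] if none."""
    # Collapse whitespace so a re-wrapped error page still matches the marker.
    if CGI_ERROR_MARKER not in " ".join(body.split()):
        return []
    found = []
    for block in PRE_BLOCK.findall(body):
        for match in WINDOWS_PATH.finditer(html.unescape(block)):
            path = match.group(0).rstrip()
            if path not in found:
                found.append(path)
    return found


def disclosed_directories(body):
    """Directories on the server's disk that the response reveals."""
    return sorted({ntpath.dirname(p) for p in leaked_paths(body)})


if __name__ == "__main__":
    for path in leaked_paths(SAMPLE_RESPONSE):
        print("local path disclosed:", path)
```
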
