Re: [cobalt-users] potential cgi vulnerability?
- Subject: Re: [cobalt-users] potential cgi vulnerability?
- From: "Craig Martin" <Craig@xxxxxxxxxxxxxxx>
- Date: Mon Feb 18 12:01:04 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Thanks.
I elected to parse and remove any non-alphanumeric chars to be safe :)
Craig
----- Original Message -----
From: "John Adair" <J.Adair@xxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Tuesday, February 19, 2002 2:16 AM
Subject: RE: [cobalt-users] potential cgi vulnerability?
> Hello,
>
> I found these articles to be of use to myself and I know they will help
> you.
>
> http://phrack.org/show.php?p=49&a=8
> http://phrack.org/show.php?p=55&a=7
> http://hoohoo.ncsa.uiuc.edu/cgi/security.html
>
> > -----Original Message-----
> > From: cobalt-users-admin@xxxxxxxxxxxxxxx
> > [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Craig Martin
> > Sent: Monday, February 18, 2002 12:49 PM
> > To: cobalt-users@xxxxxxxxxxxxxxx
> > Subject: [cobalt-users] potential cgi vulnerability?
> >
> >
> > let's say I have a simple submission form
> > a field is entered and sent to my cgi
> >
> > I later use this field as part of a command-line operation
> >
> > despite the fact it is url-encoded
> > am I vulnerable to any hack?
> > can somebody subvert the contents of that
> > field submit so that rogue statements are executed on
> > my commandline?
> >
> > or is url-encoding enough to prevent this?
> >
> > Craig
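
An added example, not code from anyone in this thread: it shows why URL-encoding alone does not protect a field that later reaches a command line (the CGI layer percent-decodes it before the script sees it), next to the alphanumeric-only filter described in the reply above. The field name `name`, the sample query string, the function names and the stand-in command are assumptions made for illustration.

```python
import re
import subprocess
import sys
from urllib.parse import parse_qs

# Constructed sample: the raw query string a form submission might produce.
SAMPLE_QUERY = "name=bob%3B%20id"

NON_ALNUM = re.compile(r"[^A-Za-z0-9]")
SHELL_META = set(";|&`$<>(){}*?!\\\"' \t\n")


def decode_field(query_string, field):
    """Return the field as the CGI script sees it, i.e. after percent-decoding."""
    return parse_qs(query_string, keep_blank_values=True).get(field, [""])[0]


def shell_metachars(value):
    """List the shell-significant characters present in a decoded value."""
    return sorted(set(value) & SHELL_META)


def sanitize(value, max_len=64):
    """Allowlist filter: keep ASCII letters and digits only, bounded length."""
    return NON_ALNUM.sub("", value)[:max_len]


def run_with_field(value):
    """Run a stand-in command with the field as a single argv element, no shell."""
    clean = sanitize(value)
    if not clean:
        raise ValueError("field is empty after sanitizing")
    # Stand-in for the real command-line tool: echoes back its first argument.
    argv = [sys.executable, "-c", "import sys; print(sys.argv[1])", clean]
    result = subprocess.run(argv, capture_output=True, text=True, check=True)
    return result.stdout.strip()


if __name__ == "__main__":
    decoded = decode_field(SAMPLE_QUERY, "name")
    print("decoded field:  ", repr(decoded))
    print("metacharacters: ", shell_metachars(decoded))
    print("sanitized:      ", sanitize(decoded))
    print("command output: ", run_with_field(decoded))
```

Passing the value as a list element to `subprocess.run` means no shell ever parses it, so the filter and the argument-list call are two independent layers.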