Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Servers :: bt362.txt

Monkey Http Daemon





After reading the PHP XSS "exploit" (I dont know if it qualifies as one) 
in phpinfo(), I found out that on the default page of the Monkey Http 
Daemon, there is a Test of Supports section. Two links are included:
http://whateverhost/php/index.php
and
http://whateverhost/cgi-bin/test.pl

index.php just contains 'echo phpinfo(); '

Also, test.pl doesnt check for valid input on the forms, so you can 
include HTML code, etc. Pretty useless, I know, but I've been reading 
posts about this kind of stuff, so I thought i would throw in this. 
Found this on the version 0.7.1 version, the latest one i found on 
freshmeat.net. I havent contacted the author since I dont know if this 
is really a big deal or not.

Well, sorry for bothering and I hope I dont get flamed or anything


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH