Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Apps :: web4979.htm

Faqmanager.cgi - read files on the server
8th Jan 2002 [SBWID-4979]



	Faqmanager.cgi versions before 2.2.6


	Nu Omega Tau posted :

	Faqmanager can be used to read files on the server the httpd has  access




	will show the system\'s  /etc/passwd  file.  Exploitation  with  Windows
	systems wasn\'t tested.



	Update available :


	Note: The new version seems to be semi-secure, it  doesn\'t  filter  out
	the nullbyte, just the slash. Also doesn\'t it filter out dots. On  some
	operating systems, I believe only BSD ones, bugs like these can be  used
	to read directory listings. For example when entering a dot the  current
	directory\'s listing can be viewed. Also, the source to scripts  in  the
	current directory can still  be  viewed,  nasty  if  you  installed  the
	script directly in your /cgi-bin directory and you  got  al  your  other
	scripts in there too.  A  solution  would  be  to  replace  the  untaint
	routine in the script with this slightly modified one that  filters  out
	the nullbyte:

	sub untaint 


	  return \"\" if (!$_[0]); 


	  my $taint = $_[0]; 


	  $taint =~ s/[\\|\\/]//g; 

	  $taint =~ s/\\0//gii; 

	  $taint =~ /^[\\<\\+\\>]*(.*)$/gi; 

	  return $1;  # _not_ return $taint 



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH