[cobalt-security] SSI Vuln on cobalt
- Subject: [cobalt-security] SSI Vuln on cobalt
- From: Brett Wright <brett@xxxxxxxxxxxxx>
- Date: Fri, 19 Apr 2002 17:13:00 +1200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi list,
SSI pages run as the web user... so if I made a page "iseethis.shtml" with
the source:
<html>
<body>
<!--#exec cmd="for i in $(locate service.pwd);do echo $i;cat $i;done" -->
</body>
</html>
I would get a list of all the frontpage hashes on the server. This is bad.
What is the best fix for this to allow CGI to execute but not cmd?
HELP!!!
Regards
Brett
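The fix the post is asking for, shown as an added example that is not part of Brett's message or of Cobalt's configuration: Apache's core `Options` directive distinguishes `Includes` (SSI with `#exec` permitted) from `IncludesNOEXEC` (SSI permitted, `#exec cmd` and `#exec cgi` refused, while `#include virtual` of a ScriptAlias'd CGI still works). The shell helpers below (`ssi_exec_allowed` and `harden_ssi` are hypothetical names chosen here) audit an httpd.conf for exec-capable `Includes` and rewrite it; the `<Directory>` fragment they run on is constructed for the demonstration, not a real Cobalt file.

```shell
#!/bin/sh
# Added example (not from the original post): audit and harden Apache "Options"
# lines so that SSI keeps working but "<!--#exec cmd=...-->" is refused.
#
# Apache semantics for the core Options directive:
#   Options Includes         -> SSI on, #exec cmd / #exec cgi allowed
#   Options IncludesNOEXEC   -> SSI on, #exec disabled; "#include virtual"
#                               of ScriptAlias'd CGI still permitted
#
# Returns 0 (true) when the file has an Options line granting full "Includes"
# (exec-capable SSI), 1 otherwise. "IncludesNOEXEC" is not matched because -w
# requires a word boundary after "Includes". A "-Includes" removal is still
# flagged, which errs on the side of a conservative audit.
ssi_exec_allowed() {
  grep -Ei '^[[:space:]]*Options' "$1" | grep -qiw 'Includes'
}

# Rewrite every exec-capable "Includes" token on Options lines to
# "IncludesNOEXEC" and print the result; the caller decides whether to write
# it back over httpd.conf.
harden_ssi() {
  sed -E '/^[[:space:]]*Options/ s/(^|[[:space:]+])[Ii]ncludes([[:space:]]|$)/\1IncludesNOEXEC\2/g' "$1"
}

# --- Demonstration on a constructed httpd.conf fragment ---
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
<Directory "/home/sites/example-site/web">
    # weak: full Includes lets any .shtml page run #exec cmd as the web user
    Options Indexes Includes FollowSymLinks
    AllowOverride All
</Directory>
EOF

if ssi_exec_allowed "$demo_conf"; then
  echo "exec-capable SSI is enabled in $demo_conf"
fi

harden_ssi "$demo_conf" > "$demo_conf.fixed"
if ssi_exec_allowed "$demo_conf.fixed"; then
  echo "still exec-capable after rewrite"
else
  echo "hardened: IncludesNOEXEC now in effect"
fi

rm -f "$demo_conf" "$demo_conf.fixed"
```

Two things the rewrite does not cover on its own: the fragment's `AllowOverride All` lets a site owner put `Options +Includes` back in a `.htaccess`, so the `AllowOverride` list should omit `Options` for directories where this matters; and Apache must be restarted (or reloaded) for the changed `Options` line to take effect.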