[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] SSI Vuln on cobalt

Subject: [cobalt-security] SSI Vuln on cobalt
From: Brett Wright <brett@xxxxxxxxxxxxx>
Date: Mon, 22 Apr 2002 09:06:32 +1200
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi list
SSI pages run as the web user... so if I made a page "iseethis.shtml" withthe source:
html>
body>
!--#exec cmd="for i in $(locate service.pwd);do echo $i;cat $i;done" -->
 /body>
/html>
I would get a list of all the frontpage hashes on the server. This is bad.What is the best fix for this to allow CGI to excute but not cmd


This can be executed on a raq3i

HELP!!!

Regards
Brett

Follow-Ups:
- Re: [cobalt-security] SSI Vuln on cobalt
  - From: Gerald Waugh

Prev by Date: Re: [cobalt-security] RAM for raq3?
Next by Date: Re: [cobalt-security] SSI Vuln on cobalt
Previous by thread: [cobalt-security] SSI Vuln on cobalt
Next by thread: Re: [cobalt-security] SSI Vuln on cobalt

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index