On Sun, Sep 12, 1999 at 09:57:35AM -0500, Kerb wrote:
> I just read most of the Phrack article about CGI security, and it made me
> wonder about another possible exploit.
> You'll have to correct me if I am wrong, as I am not real familiar with C,
> but would it be possible to throw an EOF character into a string?  Maybe a
> query string?  Now that doesn't sound all that great as is, but if you think
> about it, URLs are logged into the web logs, and a lot of administrators
> either have a program or just grep the access_log for attempts to exploit
> CGI vulnerabilities (scanners, etc).  Now this is where it gets good.  Would
> it be possible to tack an EOF file into a query string on a normal request,
> even for a static page (/index.html?EOF), then follow up with an exploit?
> That way, if it works as I think it might, then when the log file is
> checked, it finds that EOF character and stops there, thinking it is the end
> of the file.  That would effectively cover your tracks.  As a CGI
> programmer, I'd appreciate any feedback.
>

EOF characters don't exist (at least not on Un*x) - a file ends when all of its
bytes have been read.

        Ivo
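
The point in the reply above, as an added example that is not part of the original thread: a C log scanner reads a constructed access log whose first request carries the control bytes 0x04 and 0x1A, and still reaches and flags the later line. The file name, the sample log lines and the `/cgi-bin/example.cgi` path are assumptions made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample log (addresses and paths are made up). The first request
   has Ctrl-D (0x04) and Ctrl-Z (0x1A) in its query string; the second is the
   request the scanner should flag. */
static const char SAMPLE[] =
    "192.0.2.7 - - [12/Sep/1999:09:57:35 -0500] \"GET /index.html?\x04\x1a HTTP/1.0\" 200 512\n"
    "192.0.2.7 - - [12/Sep/1999:09:57:41 -0500] \"GET /cgi-bin/example.cgi?x=1 HTTP/1.0\" 404 0\n";

int write_sample(const char *path) {
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    size_t n = fwrite(SAMPLE, 1, sizeof SAMPLE - 1, f);
    return (fclose(f) == 0 && n == sizeof SAMPLE - 1) ? 0 : -1;
}

/* Length-based search, so no byte value in the line ends the comparison. */
static int contains(const char *buf, size_t len, const char *needle) {
    size_t nlen = strlen(needle);
    for (size_t i = 0; i + nlen <= len; i++)
        if (memcmp(buf + i, needle, nlen) == 0) return 1;
    return 0;
}

/* Count lines containing needle; *total receives the number of bytes read.
   Lines longer than the buffer are truncated for matching. */
long scan_log(const char *path, const char *needle, long *total) {
    FILE *f = fopen(path, "rb");   /* binary mode: bytes arrive untranslated */
    if (!f) return -1;
    char line[1024];
    size_t len = 0;
    long hits = 0;
    int c;   /* int, not char: the EOF return value is distinct from every byte */
    *total = 0;
    while ((c = getc(f)) != EOF) {   /* EOF only once the file has no bytes left */
        (*total)++;
        if (c != '\n') { if (len < sizeof line) line[len++] = (char)c; continue; }
        hits += contains(line, len, needle);
        len = 0;
    }
    if (len) hits += contains(line, len, needle);   /* last line without '\n' */
    fclose(f);
    return hits;
}

int main(void) {
    long total = 0;
    if (write_sample("sample_access_log") != 0) return 1;
    long hits = scan_log("sample_access_log", "/cgi-bin/", &total);
    printf("read %ld of %zu bytes, %ld matching line(s)\n", total, sizeof SAMPLE - 1, hits);
    remove("sample_access_log");
    return hits == 1 ? 0 : 1;
}
```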
