> Exploit #2: http://www.example.com/cgi-bin/awstats.pl?configdir=/tmp
> with the attached file being placed in /tmp.

I see. So I assume that $LogFile must be run through Sanitize prior to
being opened, or at least checked for pipes?

I noticed the following related chunk of code:

    # Deny LogFile if contains a pipe and PurgeLogFile || ArchiveLogRecords set on
    if (($PurgeLogFile || $ArchiveLogRecords) && $LogFile =~ /\|\s*$/) {
        error("A pipe in log file name is not allowed if PurgeLogFile and ArchiveLogRecords are not set to 0");
    }

This suggests some previous thought about pipes. I'm trying to figure
out why they would ever be useful in a LogFile (since they are obviously
trying to account for them).

Is it correct to always deny pipes in LogFile?

Charles

-- 
A Christmas hug
A birthday kiss
Awaits
The woman
Who gives this
Burma-Shave
http://burma-shave.org/jingles/1940/a_christmas_hug
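
The Perl behaviour behind the question above, as an added example that is not part of the original message or of awstats.pl: two-argument `open` reads the mode out of the string, so a value ending in `|` is run as a command, while three-argument `open` with a fixed `<` mode treats the same value as a file name. The helper names and sample values are constructed for illustration, and the `echo` command is a harmless stand-in.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Hypothetical helper (not from awstats.pl): true if a LogFile value would be
# treated as a command by two-argument open (leading or trailing pipe).
sub is_pipe_spec {
    my ($spec) = @_;
    return ($spec =~ /^\s*\|/ || $spec =~ /\|\s*$/) ? 1 : 0;
}

# Two-argument open: the mode is parsed from the string itself, so a
# trailing "|" makes Perl run the rest as a command and read its output.
sub open_two_arg {
    my ($spec) = @_;
    open(my $fh, $spec) or return;
    return $fh;
}

# Three-argument open: the mode is fixed to "<", so the whole value is
# a file name, pipe characters included.
sub open_three_arg {
    my ($path) = @_;
    open(my $fh, '<', $path) or return;
    return $fh;
}

# Constructed sample input: a temporary "log file" and a pipe-style value.
my ($tmp_fh, $tmp_path) = tempfile(UNLINK => 1);
print {$tmp_fh} "constructed log line\n";
close $tmp_fh;
my @samples = ($tmp_path, 'echo constructed-marker |');

for my $spec (@samples) {
    print "LogFile value: '$spec'\n";
    print "  pipe spec: ", (is_pipe_spec($spec) ? "yes" : "no"), "\n";
    for my $case (['two-arg open', \&open_two_arg], ['three-arg open', \&open_three_arg]) {
        my ($label, $opener) = @$case;
        if (my $fh = $opener->($spec)) {
            my $first = <$fh>;
            $first = '' unless defined $first;
            chomp $first;
            print "  $label: opened, first line '$first'\n";
            close $fh;
        } else {
            print "  $label: failed ($!)\n";
        }
    }
}
```

For the pipe-style value, the two-argument form returns the command's output and the three-argument form fails with a file-not-found error, which is why the open mode matters as much as any check on the value.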
