On Mon, Dec 12, 2011 at 09:32:07AM -0800, Tim wrote:
> > > > /?file=../../../../../../proc/self/environ%00 HTTP Response 200
> > > > /?mod=../../../../../../proc/self/environ%00 HTTP Response 200
> > > > /?page=../../../../../../proc/self/environ%00 HTTP Response 200
> > >
> > > It should be reasonably straightforward to try going to those urls
> > > yourself and see if it works.
> >
> > It's even more straightforward to believe the logging is not broken and
> > believe the 200 response code.
>
> That seems like a leap of faith. Hit any static directory page on
> your own web site (such as ones provided by index.html), provide a
> URL parameter like those above, and see if it gives you an error. You
> probably won't, since any parameters supplied that aren't used are
> just going to be ignored. Or maybe I misunderstood what you're trying
> to say...
>
> Testing this attack for yourself is the key.

Did both.
http://saunter.us/?file=../../../../../../proc/self/environ
pre-coffee and
http://michaelsnet.us/?file=../../../../../../proc/self/environ
after coffee and Jason's point that the ?... is a parameter to the index of
the directory.
So if you have an index.html (or .pl or ...) it will return 200 and show the
index.html results.
Cute.
What a day to learn things.
--
Michael Rasmussen, Portland Oregon
Other Adventures: http://www.jamhome.us/ or http://westy.saunter.us/
Fortune Cookie Fortune du jour:
I wonder if the things that remind me of you remind you of me.
_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
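
The point the thread settles on, that a 200 on one of these probes can simply be the directory index served with the parameter ignored, can be checked from the access log itself. The following is an added example, not code from any poster in the thread: it assumes Apache common log format, uses constructed sample lines, and the names `triage`, `parse` and `SAMPLE_LOG` are hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample lines in Apache common log format (not taken from the thread).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Dec/2011:08:01:10 -0800] "GET / HTTP/1.1" 200 5120
203.0.113.9 - - [12/Dec/2011:08:02:11 -0800] "GET /?file=../../../../../../proc/self/environ%00 HTTP/1.1" 200 5120
203.0.113.9 - - [12/Dec/2011:08:02:12 -0800] "GET /view.php?page=../../../../../../proc/self/environ%00 HTTP/1.1" 200 873
198.51.100.7 - - [12/Dec/2011:08:03:00 -0800] "GET /view.php?page=about HTTP/1.1" 200 2048
203.0.113.9 - - [12/Dec/2011:08:03:30 -0800] "GET /old/?mod=../../../../../../proc/self/environ%00 HTTP/1.1" 404 310
"""

LINE_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) (\d+|-)')
PROBE_RE = re.compile(r'(?:\.\./)+proc/self/environ')

def parse(log_text):
    """Yield (path, decoded query, status, body size) for each request line."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            url, status, size = m.groups()
            parts = urlsplit(url)
            yield (parts.path, unquote(parts.query), int(status),
                   0 if size == "-" else int(size))

def triage(log_text):
    """Classify each traversal probe by comparing it with normal traffic."""
    records = list(parse(log_text))
    # Baseline: body sizes of 200 responses to non-probe requests, per path.
    baseline = {}
    for path, query, status, size in records:
        if status == 200 and not PROBE_RE.search(query):
            baseline.setdefault(path, set()).add(size)
    results = []
    for path, query, status, size in records:
        if not PROBE_RE.search(query):
            continue
        if status != 200:
            verdict = "rejected"
        elif size in baseline.get(path, ()):
            verdict = "parameter ignored"  # same body as an ordinary request
        else:
            verdict = "review"  # 200 with a body size not seen for this path
        results.append((path, status, verdict))
    return results

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

A "review" verdict only means the response differs from the baseline for that path; pages with dynamic content vary in size, so it marks a request worth examining by hand and is not proof that the file was read.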