Date: Sun, 6 May 2001 15:48:54 -0500 From: "Anthony Rubin" <arubin@concentric.net> To: "Kris Kennaway" <kris@obsecurity.org>, <security-officer@FreeBSD.org>, <www@FreeBSD.org> Subject: Re: Attack on dosendpr.cgi Message-ID: <000f01c0d66d$f6b8cf20$6400000a@violentmonkey.org> References: <20010506013753.A51338@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
dosendpr.cgi uses html.pl to parse it's input, which will allow any method, but from looking at the code it probably won't function correctly for anything other than GET or POST. Basically it checks if the method is GET and if so parses the environmental variable QUERY_STRING, otherwise it reads from STDIN without checking the method. This should work fine for POST, but I'm not sure offhand what will happen with various other methods. It populates a hash named %cgi_data with the data and stores the method in a scalar named $cgi_method. You could modify dosendpr.cgi to check $cgi_method, but it would be trivial to write a perl script to submit the form multiple times using POST. I don't have a suggestion at this time for the best solution for this problem. I would also like to point out that I have found no less than 4 different ways in which the CGI scripts are parsing their input: html.pl cgi-lib.pl CGI.pm (processing the input in the script itself) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-www" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000f01c0d66d$f6b8cf20$6400000a>