1996-11-29 - Re: cgi-bin vulnerability

Header Data

From: The Deviant <deviant@pooh-corner.com>
To: pjb@ny.ubs.com
Message Hash: 19fe15864e26a670a8dc17ef3feadc001aab8ac9e9a3155bd4aa1cd68790c1aa
Message ID: <Pine.LNX.3.94.961129175308.3227A-100000@random.sp.org>
Reply To: <199611291506.KAA16645@sherry.ny.ubs.com>
UTC Datetime: 1996-11-29 17:55:54 UTC
Raw Date: Fri, 29 Nov 1996 09:55:54 -0800 (PST)

Raw message

From: The Deviant <deviant@pooh-corner.com>
Date: Fri, 29 Nov 1996 09:55:54 -0800 (PST)
To: pjb@ny.ubs.com
Subject: Re: cgi-bin vulnerability
In-Reply-To: <199611291506.KAA16645@sherry.ny.ubs.com>
Message-ID: <Pine.LNX.3.94.961129175308.3227A-100000@random.sp.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 29 Nov 1996 pjb@ny.ubs.com wrote:

> does anyone have a pointer to any sample scripts for exploiting the cgi-bin/phf
> vulnerability? 
> 
> cheers,
> 	-paul
> 

If you can't figure out how, you probably don't need to know. (actually,
its so simple the average high school student could probablyfigure it out,
if they knew what %0A meant... oops.. wasn't supposed to tell you that...
;)

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

"All in all is all we are."
		-- Kurt Cobain


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMp8jSjCdEh3oIPAVAQFkoAf+Nu62ObHyWHgDvkWAqqH7QTw4svfkELTB
d5E8S1ghkyxL1219LwGljelQ+uHaZt4EGB/nnDfQo7H2J9fMDR1CLJRC+h95xxKM
mKuAVbVT1W3nPm4+WP5DIplMvF/xVmextdbGLmAfYQksXQ4uGNRuaawS9G2ffYLP
erBEN9XuxvVY0AnTYCErnpDdOhh4BNTi2+os86Ea+mXt2FG3D8y0pdfRSnOJm2YU
yvQ7pUrMfhl9DGauc+lvb42B8OXWElnjYIFloxWr+rxACzS6NCbGF3izjfTv+2HX
tRZUuwYNee3j+p7kDY9ebANJqWUcMtR9To5za1/vlA4QAtPl5HsaVw==
=3/ok
-----END PGP SIGNATURE-----






Thread