1996-11-29 - Re: cgi-bin vulnerability

Header Data

From: pjb@ny.ubs.com
To: deviant@pooh-corner.com
Message Hash: d3fd154bb3d00990a7159dc784d790145d8c869001072a25f529c0d335bee92c
Message ID: <199611291848.NAA16684@sherry.ny.ubs.com>
Reply To: N/A
UTC Datetime: 1996-11-29 18:48:52 UTC
Raw Date: Fri, 29 Nov 1996 10:48:52 -0800 (PST)

Raw message

From: pjb@ny.ubs.com
Date: Fri, 29 Nov 1996 10:48:52 -0800 (PST)
To: deviant@pooh-corner.com
Subject: Re: cgi-bin vulnerability
Message-ID: <199611291848.NAA16684@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain


i think that i understand what you are trying to say, however, my purpose
in asking for this information has nothing to do with what i know.
i am pulling together a series of tests for our firewall, and am not
satisfied that the entries/cracks that i know are the only ones that exist,
therefore, i ask others for their input.  seems reasonable, doesn't it?

thanks for you response.

cheers,
	-paul

> From deviant@pooh-corner.com Fri Nov 29 12:55:52 1996
> Date: Fri, 29 Nov 1996 17:54:10 +0000 (GMT)
> From: The Deviant <deviant@pooh-corner.com>
> X-Sender: deviant@random.sp.org
> To: pjb@ny.ubs.com
> cc: cypherpunks@toad.com
> Subject: Re: cgi-bin vulnerability
> Organization: The Silicon Pirates
> MIME-Version: 1.0
> Content-Type> : > TEXT/PLAIN> ; > charset=US-ASCII> 
> Content-Length: 1025
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Fri, 29 Nov 1996 pjb@ny.ubs.com wrote:
> 
> > does anyone have a pointer to any sample scripts for exploiting the cgi-bin/phf
> > vulnerability? 
> > 
> > cheers,
> > 	-paul
> > 
> 
> If you can't figure out how, you probably don't need to know. (actually,
> its so simple the average high school student could probablyfigure it out,
> if they knew what %0A meant... oops.. wasn't supposed to tell you that...
> ;)
> 
>  --Deviant
>    PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39
> 
> "All in all is all we are."
> 		-- Kurt Cobain
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQEVAwUBMp8jSjCdEh3oIPAVAQFkoAf+Nu62ObHyWHgDvkWAqqH7QTw4svfkELTB
> d5E8S1ghkyxL1219LwGljelQ+uHaZt4EGB/nnDfQo7H2J9fMDR1CLJRC+h95xxKM
> mKuAVbVT1W3nPm4+WP5DIplMvF/xVmextdbGLmAfYQksXQ4uGNRuaawS9G2ffYLP
> erBEN9XuxvVY0AnTYCErnpDdOhh4BNTi2+os86Ea+mXt2FG3D8y0pdfRSnOJm2YU
> yvQ7pUrMfhl9DGauc+lvb42B8OXWElnjYIFloxWr+rxACzS6NCbGF3izjfTv+2HX
> tRZUuwYNee3j+p7kDY9ebANJqWUcMtR9To5za1/vlA4QAtPl5HsaVw==
> =3/ok
> -----END PGP SIGNATURE-----
> 
> 





Thread