1996-12-30 - HOW TO HACK www.pgp.com – stupid CGI script xploit

Header Data

From: Secret Squirrel <nobody@squirrel.owl.de>
To: cypherpunks@toad.com
Message Hash: d4f1cfbf006e2577396b270e02986207cea0ad9f66b912bf2bd538beb0475616
Message ID: <19961230033149.11419.qmail@squirrel.owl.de>
Reply To: N/A
UTC Datetime: 1996-12-30 03:33:44 UTC
Raw Date: Sun, 29 Dec 1996 19:33:44 -0800 (PST)

Raw message

From: Secret Squirrel <nobody@squirrel.owl.de>
Date: Sun, 29 Dec 1996 19:33:44 -0800 (PST)
To: cypherpunks@toad.com
Subject: HOW TO HACK www.pgp.com -- stupid CGI script xploit
Message-ID: <19961230033149.11419.qmail@squirrel.owl.de>
MIME-Version: 1.0
Content-Type: text/plain


Go to www.pgp.com

Go To "Keyserver"

Go To "Query"

In the search window, type `whoami` (note the back quotes).

Watch for result.

How stupid.

Seems to be a common problem of cgi scripts.
      
like the one in norway...

xaxaxa

Thread

• Return to December 1996

• Return to “Secret Squirrel <nobody@squirrel.owl.de>”

• 1996-12-30 (Sun, 29 Dec 1996 19:33:44 -0800 (PST)) - HOW TO HACK www.pgp.com – stupid CGI script xploit - Secret Squirrel <nobody@squirrel.owl.de>