




IIS doesn't check existence of local file before calling CGI




=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

   Date: Tue, 29 Feb 2000  22:12:11
   From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
     To: BUGTRAQ@SECURITYFOCUS.COM
Subject: IIS doesn't check existence of local file before calling CGI
--------------------------------------------------------------------------------


Hello,

 There is another way to retrieve the full path to local files in
 IIS4:

 If an external CGI application is configured for some file type
 and this application doesn't produce correct HTTP headers, IIS
 generates an error containing the output of the application (both
 stdout and stderr). The problem is that IIS doesn't check the
 existence of the requested file before calling the CGI application.

 For example, if perl is configured as an external CGI program for .pl
 files and a user requests a nonexistent .pl file
 (http://www.somehost.com/nonexistant.pl), IIS calls perl with
 nonexistant.pl and generates this error message:


"<head><title>Error in CGI Application</title></head>
<body><h1>CGI Error</h1>The specified CGI application misbehaved by not
returning a complete set of HTTP headers.  The headers it did return
are:<p><p><pre>Can't open perl script
"d:\inetpub\wwwroot\present\security\nonexistant.pl":
No such file or directory
</pre>"


http://www.security.nnov.ru
        /\_/\
       { . . }     |\
+--oQQo->{ ^ }<-----+ \
|  3APA3A  U  3APA3A   }
+-------------o66o--+ /
                   |/
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
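
An operator can check responses from their own server for the error page quoted above and see which local paths it discloses. The following is an added example, not part of the original post; the function and constant names are assumptions made for illustration.

```python
import html
import re

# Marker text of the IIS "CGI Error" page quoted in the post.
CGI_ERROR_MARKER = "The specified CGI application misbehaved"
# IIS echoes the interpreter's raw output inside <pre>...</pre>.
PRE_BLOCK = re.compile(r"<pre>(.*?)</pre>", re.IGNORECASE | re.DOTALL)
# Absolute Windows path (drive letter or UNC): quoted form first, so paths
# containing spaces are captured whole; unquoted form as a fallback.
ROOT = r"(?:[A-Za-z]:\\|\\\\)"
WINDOWS_PATH = re.compile(rf'"({ROOT}[^"\r\n]+)"|({ROOT}[^\s"<>]+)')

# Sample input: the error page from the post, verbatim.
SAMPLE_ERROR = r'''<head><title>Error in CGI Application</title></head>
<body><h1>CGI Error</h1>The specified CGI application misbehaved by not
returning a complete set of HTTP headers.  The headers it did return
are:<p><p><pre>Can't open perl script
"d:\inetpub\wwwroot\present\security\nonexistant.pl":
No such file or directory
</pre>'''


def find_cgi_path_leaks(body: str) -> list[str]:
    """Return local paths disclosed by an IIS CGI error page, else []."""
    if CGI_ERROR_MARKER not in body:
        return []  # ordinary page: do not flag paths it merely mentions
    leaks = []
    for block in PRE_BLOCK.findall(body):
        text = html.unescape(block)  # quotes may arrive as &quot;
        for match in WINDOWS_PATH.finditer(text):
            path = match.group(1) or match.group(2).rstrip(".,:;")
            if path and path not in leaks:
                leaks.append(path)
    return leaks


if __name__ == "__main__":
    for leaked in find_cgi_path_leaks(SAMPLE_ERROR):
        print("server-side path disclosed:", leaked)
```

Any non-empty result means the script mapping passes requests for missing files to the interpreter and its error output reaches the client.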


© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


