Help on SSI and an apache server :D

Post by tresorclub on Wed Jul 22, 2009 9:19 pm

Hello World!

I'd like a little hint here...
I'm trying to test the security of a site, using some of the tools described in the various missions of this nice site, but I'm stuck...

I came upon a site:
Apache/1.3.41 Server at web.***.*** Port 80
In the home search field of
http://web.***.***/
I tried some SSI commands: <!--#exec cmd=" " -->

Any command returns the same error:
http://web.***.***/bin/cgicso?query=%3C!--%23exec+cmd%3D%22ls%22+--%3E

' results //-->

User data loaded as of Jul 22, Staff data loaded as of Jul 22.
cmd:unknown field.
Did not understand query.


It looks like the server is responding to the request, because if I type a standard name like homer simpson I get the following error message:
http://web.***.***/bin/cgicso?query=homer+simpson

User data loaded as of Jul 22, Staff data loaded as of Jul 22.
No matches to your query.


So I'm stuck, and I'm wondering why commands aren't run even if the server looks like it reads them?
Oh, and what does the "+" mean in the error address:
http://web.***.***/bin/cgicso?query=%3C!--%23exec+cmd%3D%22ls%22+--%3E because I didn't type it!?

Sorry if this is the wrong place for posting, and many thanks :)
tresorclub
New User
Posts: 5
Joined: Wed Jun 24, 2009 10:16 am


Re: Help on SSI and an apache server :D

Post by thedotmaster on Thu Jul 23, 2009 3:43 am

That server looks vulnerable to code injection if you ask me.
About the "+" thing, that's most likely a result of URL encoding of spaces - though why it didn't do so between the " " I don't know.
thedotmaster
Contributor
Posts: 984
Joined: Sun May 04, 2008 4:39 pm
Location: North West UK
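The "+" in that URL and the decoded directive, as an added example that is not part of the original thread: a Python script showing form-style URL encoding (a browser turns each space in a search box into "+" and the "<", "#", "=" and quote characters into %XX escapes), then a small log scanner that decodes the query string of each access-log line and flags SSI directive names. The log lines, IP addresses and timestamps are constructed samples in Apache Common Log Format, modelled on the request shown in the thread.

```python
"""Decode form-encoded query strings and flag SSI directives in access logs.

Added illustration for this thread, not code from the original posts.
SAMPLE_LOG below is constructed; the IPs are RFC 5737 documentation addresses.
"""
import re
from typing import Dict, Iterable, List
from urllib.parse import parse_qs, quote_plus, unquote_plus, urlsplit

# Apache mod_include directive names worth flagging when they appear in user input.
SSI_DIRECTIVE = re.compile(
    r"<!--\s*#\s*(exec|include|echo|config|set|printenv|fsize|flastmod)\b",
    re.IGNORECASE,
)

# Common Log Format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

SAMPLE_LOG = [  # constructed sample lines
    '203.0.113.5 - - [22/Jul/2009:21:19:02 +0000] '
    '"GET /bin/cgicso?query=%3C!--%23exec+cmd%3D%22ls%22+--%3E HTTP/1.1" 200 512',
    '203.0.113.5 - - [22/Jul/2009:21:20:11 +0000] '
    '"GET /bin/cgicso?query=homer+simpson HTTP/1.1" 200 87',
    '198.51.100.7 - - [22/Jul/2009:21:21:40 +0000] '
    '"GET /index.html HTTP/1.1" 200 2048',
]


def encode_query(text: str) -> str:
    """application/x-www-form-urlencoded encoding: a space becomes '+',
    other reserved characters become %XX. This is what the browser does
    with the search box contents before it builds the URL."""
    return quote_plus(text)


def decode_query(encoded: str) -> str:
    """Reverse of encode_query: '+' back to a space, %XX back to the byte."""
    return unquote_plus(encoded)


def find_ssi_directives(text: str) -> List[str]:
    """Return the lower-cased SSI directive names found in already-decoded text."""
    return [m.group(1).lower() for m in SSI_DIRECTIVE.finditer(text)]


def scan_access_log(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Decode every query parameter of every request and report SSI directives.

    Matching must happen on the decoded value: the raw log line carries
    '%23exec', not '#exec', so a pattern applied to the raw line would miss it.
    """
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not Common Log Format; skip rather than guess
        query = urlsplit(m.group("target")).query
        # parse_qs applies unquote_plus to every value for us
        for name, values in parse_qs(query, keep_blank_values=True).items():
            for value in values:
                for directive in find_ssi_directives(value):
                    findings.append({
                        "ip": m.group("ip"),
                        "ts": m.group("ts"),
                        "param": name,
                        "directive": directive,
                        "decoded": value,
                    })
    return findings


if __name__ == "__main__":
    print(decode_query("%3C!--%23exec+cmd%3D%22ls%22+--%3E"))
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

Running it prints the decoded directive `<!--#exec cmd="ls" -->` followed by one finding for the first sample line; the "homer simpson" request decodes to plain text and is not reported. On the server side, Apache's mod_include only processes such directives in files it is configured to parse, and `Options IncludesNOEXEC` disables `#exec` entirely, so this scanner is a detection aid rather than a substitute for that setting.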


Re: Help on SSI and an apache server :D

Post by tresorclub on Thu Jul 23, 2009 9:19 am

Oh yes, thanks dotmaster, the + looks like it's a space, because it's between the exec and cmd part of the code too.
There is no + between the " " though, because I placed commands there (ls in the example).
tresorclub
New User
Posts: 5
Joined: Wed Jun 24, 2009 10:16 am


Re: Help on SSI and an apache server :D

Post by thedotmaster on Thu Jul 23, 2009 12:55 pm

tresorclub wrote:
Oh yes, thanks dotmaster, the + looks like it's a space, because it's between the exec and cmd part of the code too.
There is no + between the " " though, because I placed commands there (ls in the example).


Ah yeah. Glad to have helped 8-)
thedotmaster
Contributor
Posts: 984
Joined: Sun May 04, 2008 4:39 pm
Location: North West UK