Date: Mon, 26 Jan 1998 18:49:37 -0600 From: Dennis Moore Subject: Vulnerability in htmlscript Htmlscript (www.htmlscript.com) has a vulnerability in it which allows you to access system files, presumably any file the web server user can access. I don't have the source or even a copy of the program itself, so I can't say whether this is a configuration problem or not. However, the fact that the site which distributes the software is vulnerable is not promising. According to its website, Miva (htmlscript 3.0) "is an HTML based web development language which provides the power of scripting via new, easy-to-use tags." The exploit: http://www.vulnerable.server.com/cgi-bin/htmlscript?../../../../etc/passwd I suppose the number of ..s will depend on the location of the cgi program. I glanced through their configuration file and it has a variable called 'htmlscriptroot' in it. Since you would apparently get an error if this were not set, I don't think setting it resolves the problem. I did not discover this exploit, and I have no previous experience with htmlscript. The individual who reported it to me wishes to remain anonymous. They confirmed the problem on at least one other server using the cgi. Please do not email me about this problem. -- pity this busy monster, manunkind, | Dennis Moore | Sarah not. Progress is a comfortable disease. | rainking@frenzy.com | McLachlan -e.e. cummings: One Times One | archon on the irc | "Black" If I cried me a river of all my confessions would I drown in my shallow regret?