29 Jul
1999
29 Jul
'99
15:57
hi! we have some suse and redhat boxes around here and i just tested our redhat machines for this exploit:
so you could probably send a nasty url to it like http://your.domain.tld/cgi-bin/test-cgi?;cat%20/etc/shadow%0a
but nothing happend. after checking the httpd.conf i saw that the httpd runs as user nobody on the redhat box. since i do not have access to the suse machines i cannot check if it runs there as nobody too so is it possible that on the suse boxes the httpd runs as non'nobody' which makes him able to read the /etc/shadow? cu stefan