chirpy said:
Sadly, mod_security is very easily bypassed.
The script as quoted is missing the < in the open command which defaults to read/write otherwise, so you may not be protected. Give this one a whirl and post the die message if it does:
Code:
#!/usr/bin/perl
use CGI::Carp qw(fatalsToBrowser);
print "content-type: text/html\n\n";
open (IN, "</usr/local/apache/conf/httpd.conf") or die "Enable to open httpd.conf: $!";
@lines = <IN>;
close (IN);
foreach $line (@lines) {print "$line<br>"}
MUMMMYYYY... Yaaaeeekksss... Holly Toledo..
Friday the 13th wasn't so scarry as this little script!
Ok,.. somebody find a solution for this please!
Bad CGI,.. Bad...
What logic would work to prevent it ever?
Apache must have access to this file.
The file location is always known to everyone with phpinfo(), so how do you train Apache not to disclose its internal affairs?
Is there a 3rd party mod_security_enhancement_thingy that can take care of this?
Some super suexec mod that can be compiled in and save us all?
-Alon.