https://sourceforge.net/p/npascal/bugs/2004-04-16T16:06:14ZRecent changes to bugs2004-04-16T16:06:14Z2004-04-16T16:06:14ZJoxean Korethttps://sourceforge.net/u/joseanpiti/https://sourceforge.net27c67a8c487bd66b154083a87d9df5d860b816da

<div class="markdown_content"><p>For example, the following URL :</p> <p><a href="http://server/cgi-bin/prog1.psp?param1+param2" rel="nofollow">http://server/cgi-bin/prog1.psp?param1+param2</a></p> <p>Will produce the output of interpretates the "param1"<br /> filename and "param2" filename. This bug is caused<br /> because the options passed to the PSP binary are<br /> allways interpreteds as Scripts to parse.</p> <p>This is a security hole because when can make the<br /> following actions : </p> <p><a href="http://server/cgi-bin/prog1.psp?param1+/etc/passwd" rel="nofollow">http://server/cgi-bin/prog1.psp?param1+/etc/passwd</a><br /> <a href="http://server/cgi-bin/prog1.psp?param1+/etc/shadow" rel="nofollow">http://server/cgi-bin/prog1.psp?param1+/etc/shadow</a><br /> <a href="http://server/cgi-bin/prog1.psp?param1+/etc/..." rel="nofollow">http://server/cgi-bin/prog1.psp?param1+/etc/...</a></p></div>

2004-04-16T15:33:46Z2004-04-16T15:33:46ZJoxean Korethttps://sourceforge.net/u/joseanpiti/https://sourceforge.netaef067b534995e2a005c1db912bb8df9729abb73

<div class="markdown_content"><p>You can modify the /etc/pspc.conf file writing the<br /> correspond<br /> source in a PSP script.</p> <p>The configuration file may be modified under Linux because <br /> the permissions are read+write.</p> <p>Read+write permissions of the PSP configuration file<br /> not are <br /> needes, only read permission.</p></div>