Active Perl path reveal

From: antoan miroslavov (shaltera@yahoo.com)
Date: 12/29/01 

Date: 29 Dec 2001 18:53:39 -0000
From: antoan miroslavov <shaltera@yahoo.com>
To: bugtraq@securityfocus.com
('binary' encoding is not supported, stored as-is)

I recently found this exploit in Active Perl for
Windows.If you request name with .pl extension
which doesn't exist in CGI-BIN Perl Interpreter returns
an error:

CGI Error
The specified CGI application misbehaved by not
returning a complete set of HTTP headers. The
headers it did return are:

Can't open perl script "C:\Inetpub\wwwroot\cgi-
bin\link1s.pl": No such file or directory

Antoan Miroslavov

Relevant Pages

  • Re: IIS 5 and Perl scripts location
    ... > CGI Error ... > The specified CGI application misbehaved by not returning a complete ... > set of HTTP headers. ... So does Perl. ...
    (microsoft.public.inetserver.iis)
  • Re: Using mail:sendmail module on IIS6
    ... Windows 2003 server with IIS6 ... I try to send a mail from a perl script using the mail:sendmail ... CGI Error ... instead of the HTTP headers that the server expects. ...
    (comp.lang.perl.misc)
  • Re: Moderation update
    ... It is funny you should mention Perl ... CGI Error ... in the html code with the same error so I know the fault is in the ... skills in the language on a project that I can't afford to get wrong. ...
    (uk.religion.christian)
  • Re: A simple script (!)
    ... > I have tried writing a simple script but it fails. ... > Clicking on the link gives the message 'CGI Error - the specified ... Cocoa programming in Perl: http://camelbones.sourceforge.net ...
    (comp.infosystems.www.authoring.cgi)
  • Cant Compiling perl5.8.8 on FreeBSD6.2
    ... WITH_DEBUGGING=yes Build perl with debugging support. ... First let's make sure your kit is complete. ... What is the file extension used for shared libraries? ... I'll use sprintf to convert floats into a string. ...
    (comp.unix.bsd.freebsd.misc)