It is true that the Doc domain "falls through" to the Cgi domain to
handle URLs like
/mumble/foo.cgi/extra/path/info
and indeed it causes it to try and execute things, which is probably bad.
How dangerous it actually is, I don't know. Depends on what's in your
doc tree. If you'd like to re-wack the way the document domain handles
this situation, you are welcome to prototype something for us.
>>>Jeff McWhirter said:
> I came across a possible security hole in tcl-httpd.
>
> If you hit a url that is some suffix added to a valid url the server
> will try to execute the valid file like a CGI script.
>
> For example hitting the url:
> http://localhost:8015/license.terms/foo
> results in:
> Got the error Bad Request
> while trying to obtain /license.terms/foo.
> Don't know how to execute CGI
> d:/ifc/tcl/tmp/tclhttpd2.3.7/htdocs/license.terms
>
> (Of course if this is a tcl or perl or exe file the server will just
> execute it).
>
> >From DocDomain in doc.tcl we have the culprit call:
> if {![DocFallback $path $suffix $sock]} {
> # Couldn't find anything.
> # check for cgi script in the middle of the path
> Cgi_Domain $virtual $directory $sock $suffix
> }
>
>
> -Jeff McWhirter
>
>
>
>
>
-- Brent Welch <[EMAIL PROTECTED]>
http://www.ajubasolutions.com
Scriptics changes to Ajuba Solutions
scriptics.com => ajubasolutions.com
