i think that i understand what you are trying to say, however, my purpose in asking for this information has nothing to do with what i know. i am pulling together a series of tests for our firewall, and am not satisfied that the entries/cracks that i know are the only ones that exist, therefore, i ask others for their input. seems reasonable, doesn't it? thanks for you response. cheers, -paul

From deviant@pooh-corner.com Fri Nov 29 12:55:52 1996 Date: Fri, 29 Nov 1996 17:54:10 +0000 (GMT) From: The Deviant <deviant@pooh-corner.com> X-Sender: deviant@random.sp.org To: pjb@ny.ubs.com cc: cypherpunks@toad.com Subject: Re: cgi-bin vulnerability Organization: The Silicon Pirates MIME-Version: 1.0 Content-Type> : > TEXT/PLAIN> ; > charset=US-ASCII> Content-Length: 1025

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 29 Nov 1996 pjb@ny.ubs.com wrote:

...

does anyone have a pointer to any sample scripts for exploiting the cgi-bin/phf vulnerability?

cheers, -paul

If you can't figure out how, you probably don't need to know. (actually, its so simple the average high school student could probablyfigure it out, if they knew what %0A meant... oops.. wasn't supposed to tell you that... ;)

--Deviant PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

"All in all is all we are." -- Kurt Cobain

-----BEGIN PGP SIGNATURE----- Version: 2.6.2

iQEVAwUBMp8jSjCdEh3oIPAVAQFkoAf+Nu62ObHyWHgDvkWAqqH7QTw4svfkELTB d5E8S1ghkyxL1219LwGljelQ+uHaZt4EGB/nnDfQo7H2J9fMDR1CLJRC+h95xxKM mKuAVbVT1W3nPm4+WP5DIplMvF/xVmextdbGLmAfYQksXQ4uGNRuaawS9G2ffYLP erBEN9XuxvVY0AnTYCErnpDdOhh4BNTi2+os86Ea+mXt2FG3D8y0pdfRSnOJm2YU yvQ7pUrMfhl9DGauc+lvb42B8OXWElnjYIFloxWr+rxACzS6NCbGF3izjfTv+2HX tRZUuwYNee3j+p7kDY9ebANJqWUcMtR9To5za1/vlA4QAtPl5HsaVw== =3/ok -----END PGP SIGNATURE-----