[VIM] man2web mess
security curmudgeon
jericho at attrition.org
Thu Sep 22 01:15:10 EDT 2005
: the man-cgi, man2web, and man2html "targets" are discriminated based on
: how the "-P" argument is appended to the /cgi-bin/man-cgi URL,
: suggesting to me that man-cgi is the binary, but under the hood there
: are multiple programs that are launched.
:
: But then again I just downloaded an old (2003) copy of "man2web" 0.88
: and a grep for man2html failed.
:
: A grab of "ManViewer" 0.9 from 2000 didn't help much, although it
: appears to call man2html but there's nothing for man2web.
:
: hmmmmmmmmmmmmmm
:
: Wonder if this exploit was tested on some custom installation.
:
: a mess, indeed...
For now I created an entry for each of the possible scripts, but I still
can't figure out where 'ManViewer' comes into play beyond the comments of
the various exploits.
Bleh!
More information about the VIM
mailing list