[VIM] man2web mess
Sullo
sullo at cirt.net
Thu Sep 22 08:34:49 EDT 2005
security curmudgeon wrote:
>: the man-cgi, man2web, and man2html "targets" are discriminated based on
>: how the "-P" argument is appended to the /cgi-bin/man-cgi URL,
>: suggesting to me that man-cgi is the binary, but under the hood there
>: are multiple programs that are launched.
>:
>: But then again I just downloaded an old (2003) copy of "man2web" 0.88
>: and a grep for man2html failed.
>:
>: A grab of "ManViewer" 0.9 from 2000 didn't help much, although it
>: appears to call man2html but there's nothing for man2web.
>:
>: hmmmmmmmmmmmmmm
>:
>: Wonder if this exploit was tested on some custom installation.
>:
>: a mess, indeed...
>
>For now I created an entry for each of the possible scripts, but I still
>can't figure out where 'ManViewer' comes into play beyond the comments of
>the various exploits.
>
>
Yeah, I spent a good hour trying to find those "programs" as part of
man-cgi program or stand-alone, and didn't come up with anything.
-Sullo
--
http://www.cirt.net/ | http://www.osvdb.org/
More information about the VIM
mailing list