lastlines.cgi path traversal and command execution vulns

From: BrainRawt . (brainrawtat_private)
Date: Sun Dec 30 2001 - 10:27:29 PST


    Lastlines.cgi path traversal and command execution vulnerabilities
    discovered by BrainRawt.
    
    I wasn't planning on submitting this to bugtraq for it's not a
    widely used cgi but it is still available for download and some
    people may be using it.
    
    lastlines.cgi is a script coded by David Powell that allows
    a user to view the contents of a logfile specified by the user.
    
    # $unix_dir="path/here";
    # $error_log is input by the user of the script.
    
    open(FILE, "$unix_dir/$error_log");
    
    This script improperly filters the input, allowing the traditional
    "../../../../../" path traversal chars, in turn allowing the user
    to leave the hard coded $unix_dir and view any file readable by
    the webserver.
    
    EX:../../../../../../etc/motd
    
    This script is also missing a "<" in the open() function which
    will allow us to execute any command on that remote server that the
    webserver has permission to execute.
    
    EX: path/to/error_log;command arg1|
    
    Note: The author has been notified but hasn't replied.
    
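
Added example, not part of the original post and not code from lastlines.cgi: one way to harden the open() call quoted in the message, combining an allowlist on the file name, a resolved-path check against the base directory, and three-argument open. The function name read_log and the temporary directory are hypothetical; the two rejected inputs are the strings given in the post.

```perl
#!/usr/bin/perl
# Added example: hardened log reader. read_log() is a hypothetical name,
# not a function from lastlines.cgi.
use strict;
use warnings;
use Cwd qw(realpath);
use File::Temp qw(tempdir);

# Return a reference to the log's lines, or undef if the request is rejected.
sub read_log {
    my ($base_dir, $name) = @_;

    # Allowlist: one path component of safe characters, no leading dot.
    # This rejects '/', '..', ';', '|' and whitespace outright.
    return unless defined $name && $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/;

    # Resolve symlinks and confirm the target is still inside the base directory.
    my $base = realpath($base_dir);
    return unless defined $base;
    my $path = realpath("$base/$name");
    return unless defined $path && index($path, "$base/") == 0 && -f $path;

    # Three-argument open: the mode is explicit, so the file name is never
    # parsed for '|', '>' or other mode characters.
    open(my $fh, '<', $path) or return;
    my @lines = <$fh>;
    close($fh);
    return \@lines;
}

# Constructed demo: a temporary log directory holding one sample file.
my $dir = tempdir(CLEANUP => 1);
open(my $out, '>', "$dir/error_log") or die "setup failed: $!";
print {$out} "[error] constructed sample line\n";
close($out);

# First input is legitimate; the other two are the strings from the post.
for my $input ('error_log', '../../../../../../etc/motd',
               'path/to/error_log;command arg1|') {
    my $lines = read_log($dir, $input);
    printf "%-36s %s\n", $input,
        $lines ? 'served ' . scalar(@$lines) . ' line(s)' : 'rejected';
}
```

The three-argument open alone closes the command execution path; the allowlist and resolved-path check are what keep the request inside the log directory.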
    


