Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Subject: Vuln in calender.pl (Matt Kruse calender script)
Date: Tue May 16 2000 - 14:59:12 CDT
- Next message: wizdumbLEET.ORG: "Various Lame Stuff"
- Previous message: Sebastian: "kscd vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I wouldnt normally post a small thing like this to bugtraq but i checked out
cgi-resources.com and it seems to be damn popular so someone here may care.
Oh yeah I notified Matt (the vendor) and he figured it wasnt really an issue.
Visit www.suid.kg/advisories/ for more crap like this.
suidsuid.kg - Matt Kruse Calendar Script Vulnerability
Software: Matt Kruse Calendar Script
Version: Version 2.2 and below?
Platforms: UNIX / Windows NT
Type: Input Validation Failure
Lame Factor: Damn High
Remote users can execute arbitrary commands on the web
server with the priviledge level of the httpd process.
Both the calender.pl and the calendar_admin.pl scripts fail to
perform proper input validation. The calender_admin.pl script
for example prompts the user for a configuration file to modify.
Then in an attempt to authenticate the user to verify they have
access to modify the specified configuration file, it passes
the user input straight to perl open(). *yoink*(tm)
calender_admin.pl - easiest
Assuming http://www.ownable.domain/ has calender.pl at:
The admin script by default is at:
Going to that URL will result in a username/password/configuration file
input fields. Ignoring username and password, enter:
(With the pipes) in the configuration file field.
I notice that calender.pl does not sanitise input either and is
vulnerable to an open attack but am not interested enough to write
duke - WHAT THE HELL!?>!