NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2001-03

From: UkR hacking team (ukrteamUKR.NET)
Date: Tue Mar 27 2001 - 08:23:17 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---=== UkR security team - Advisory no. 11 ===---
Anaconda Clipper - 'arbitrary file retreival' vulnerability

Date: 27.03.2001

Problem: input validation error.

Vulnerable products: Anaconda Clipper ver. 3.3 (probably others, but not tested)

Product vendor: Anaconda / http://www.anaconda.net

Comment: '..' and '/' are not filtered while processing user input, so it is possible to enter arbitrary values to retreive files from remote sever, which should not be accessible normally (for ex., /etc/passwd).

Workaround:
# this will help in somewhat...
$input =~ s/[(\.\.)|\/]//g;

Author: UkR-XblP / UkR security team / http://www.ukrteam.ru

Example:
http://blah.somenonexistanthost.com/cgi-bin/anacondaclip.pl?template=../../../../../../../../../../../../../../../../../../etc/passwd

--------------------------------------------------------------------------------

UkR XblP

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]