OSEC

From: UkR hacking team (ukrteamUKR.NET)
Date: Tue Mar 27 2001 - 08:23:17 CST


    ---=== UkR security team - Advisory no. 11 ===---
    Anaconda Clipper - 'arbitrary file retrieval' vulnerability

    Date: 27.03.2001

    Problem: input validation error.

    Vulnerable products: Anaconda Clipper ver. 3.3 (probably others, but not tested)

    Product vendor: Anaconda / http://www.anaconda.net

    Comment: '..' and '/' are not filtered while processing user input, so it is possible to supply arbitrary values in the 'template' parameter and retrieve files from the remote server which should not normally be accessible (e.g. /etc/passwd).

    Workaround:
    # this only helps somewhat... strips every '..' and '/' from the input
    $input =~ s/(?:\.\.|\/)//g;

    Author: UkR-XblP / UkR security team / http://www.ukrteam.ru

    Example:
    http://blah.somenonexistanthost.com/cgi-bin/anacondaclip.pl?template=../../../../../../../../../../../../../../../../../../etc/passwd
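
    As an added illustration (not the advisory's or Anaconda's code), the following Perl sketch shows the unsafe pattern described above next to a hardened template loader. Instead of stripping characters the way the workaround does, it allow-lists the template name and then checks that the resolved path still lies under the template directory. The directory path, the function names and the CGI parameter handling are assumptions made for this example.

```perl
#!/usr/bin/perl
# Added example, not Anaconda's code: a template loader for a CGI script in
# the style of anacondaclip.pl. $TEMPLATE_DIR and the function names are
# assumptions for illustration.
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;

my $TEMPLATE_DIR = '/var/www/templates';   # assumption: where templates live

# Unsafe: the user-supplied 'template' value is joined straight into the
# path, so a value such as '../../../../etc/passwd' leaves $TEMPLATE_DIR.
sub load_template_unsafe {
    my ($name) = @_;
    open(my $fh, '<', "$TEMPLATE_DIR/$name") or return undef;
    local $/;                      # slurp mode
    return <$fh>;
}

# Syntactic allow-list: letters, digits, '_' and '-', with at most one
# extension. A '/' or a '..' can never match this pattern.
sub template_name_ok {
    my ($name) = @_;
    return 0 unless defined $name;
    return $name =~ /\A[A-Za-z0-9_\-]+(?:\.[A-Za-z0-9]+)?\z/ ? 1 : 0;
}

# Path confinement: even an allow-listed name is resolved with realpath()
# (symlinks followed) and must remain inside $TEMPLATE_DIR. Returns the
# canonical path, or undef if the file is missing or escapes the base.
sub safe_template_path {
    my ($name) = @_;
    return undef unless template_name_ok($name);
    my $base = realpath($TEMPLATE_DIR);
    my $real = realpath(File::Spec->catfile($TEMPLATE_DIR, $name));
    return undef unless defined $base && defined $real;
    return undef unless index($real, "$base/") == 0;   # escaped the base dir
    return $real;
}

# Hardened loader: rejects anything safe_template_path() would not vouch for.
sub load_template_safe {
    my ($name) = @_;
    my $path = safe_template_path($name) or return undef;
    open(my $fh, '<', $path) or return undef;
    local $/;
    return <$fh>;
}

# Constructed inputs: a normal template name, the value from the advisory's
# example URL, and two other shapes the allow-list is meant to refuse.
for my $candidate ('main.tpl', '../../../../../../etc/passwd', 'a/b.tpl', '..') {
    printf "%-34s %s\n", $candidate,
        template_name_ok($candidate) ? 'accepted' : 'rejected';
}
```

    Rejecting the request outright, rather than quietly removing characters, also gives the script a natural place to log the attempt, which is the signal an administrator would want to see in the web server's logs.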

    --------------------------------------------------------------------------------

    UkR XblP