OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: joetestahushmail.com
Date: Wed May 23 2001 - 15:45:37 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ----- Begin Hush Signed Message from joetestahushmail.com -----

    Vulnerability in viewsrc.cgi

        Overview

    viewsrc.cgi v2.0 is a source-code viewing CGI script available from
    http://www.mimanet.com/scripts. A vulnerability exists which
    allows a remote user to view any file on the server.

        Details

    The following URL demonstrates the problem:

        http://localhost/cgi-bin/viewsrc.cgi?
                             loc=../[any file outside restricted directory]

        Solution

    Apply the following patch to viewsrc.cgi:

    53a54,56
    > $FORM{'loc'} =~ s/\.\.//g;
    > $FORM{'loc'} =~ s/\\//g;
    > $FORM{'loc'} =~ s/\///g;
    65c68
    < open (INHTML, "$predo") or die &err_loc;

    ---
    >          open (INHTML, "<$predo") or die &err_loc;
    

    This patch removes any '..', '/', or '\'s present in the $FORM{'loc'} variable. It also makes the open() command safer by using the '<' read-only specifier.

    Vendor Status

    MIMAnet was contacted via <webmastermimanet.com> on Tuesday, May 1, 2001. Roberto R. Morelli <morellialtair7.com> quickly replied and stated that the problem was verified and an official fix would be released. Twenty two days have passed, and nothing has been done.

    - Joe Testa

    e-mail: joetestahushmail.com web page: http://hogs.rit.edu/~joet AIM: LordSpankatron

    ----- Begin Hush Signature v1.3 ----- DOrv4aKzsw/oqP1AX/hJLu6OSDg66o3htrFq10+HrfqZKQSij4O7yk37xInPmtf5jNmw G8UkEk5iwQVbI51+zG02T5KOB7YIdPTf6doAc2Inrxlhle1lkFX/56v3rVdb5uAkQk2F /4a6mDilaqcY+lwYkjyT1Yk0Wmz1dcwTF8Bp/wF6y7JaQ1F2EB4q/tgnSK8Q82T+ZlN7 csLmfX2BSub2gzldV8jI7swh4Qfog+V0ZFx0SB4Q5MiRdcQgcLxc2xf+ho2uNzd/sq93 QTW76yFXLiYlJOTmiLP8cgrB5Px9eu4Qstcf/JIiTPbosZSZq10H4svE/4NbLw5cvVoW e3OwbvzqZZVmQKzuW+xUgd9PJe7vObdo8Z4+cyLQNB1LOp15Fj0I0XHLk9TrDCcGv2cv FKu6LWn6Fmm0QbumoHXWZnOUP9pAA6MU2xv+EB2JD0hfweLYSNjQ1V4p/qEmYxrq3fFN Ldl5hjo+WxcV1l8vj15oG/KDqJA5m1PDA09sFVTKcfEt ----- End Hush Signature v1.3 -----

    This message has been signed with a Hush Digital Signature. To verify the signature, please go to www.hush.com/tools

    Free, encrypted, secure Web-based email at www.hushmail.com