[14146] in bugtraq


DNSTools v1.08 has no input validation

daemon@ATHENA.MIT.EDU (Jonathan Leto)
Thu Mar 2 15:51:33 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <20000302085915.A24813@leto.net>
Date:         Thu, 2 Mar 2000 08:59:15 -0500
Reply-To: jonathan@leto.net
From: Jonathan Leto <jonathan@LETO.NET>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

Hello all.

Dnstools 1.08 ( available at http://www.dnstools.com/dnst_v1.tgz ) has 18 cgi
scripts with various functions, like AddMx, DeleteDomain, that all start off like
this:

-----------------
#!/usr/bin/perl

use CGI;
use DBI;
my $CGI = new CGI;

########################################################
### Get all of the values from the web form
########################################################

my $host_name;
my $domain_name;

$host_name = $CGI->param("host_name");
$domain_name = $CGI->param("domain_name");

$error_description = "";
# Both request parameters are interpolated, unchecked, into a shell command line.
my $error_code = system("/usr/local/dnstools/delete_mx -d \"$domain_name\" -n \"$host_name\"");

-------------

Not a lick of input validation is done, so executing and poking around the filesystem as the webserver
is possible. It doesn't even vainly check the referrer.
This costs $800??


--
jonathan@leto.net
http://leto.net
"With pain comes clarity."

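For reference, here is how the same CGI prologue looks once the two parameters are validated and the helper is invoked without a shell. This is an added example, not code from the post or from DNSTools; the path /usr/local/dnstools/delete_mx and its -d/-n flags are taken from the quoted script, while the hostname grammar, the 400 response and the error handling are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Hardened rewrite of the DNSTools-style CGI prologue (added example, not project code).
# Assumed: /usr/local/dnstools/delete_mx and its -d/-n flags as in the original post;
# the validation rules and error reporting below are illustrative.
use strict;
use warnings;
use CGI;

my $cgi = CGI->new;

# One DNS label: 1-63 characters, letters/digits/hyphen, no leading or trailing hyphen.
# Rejecting a leading hyphen also stops a value from being parsed as an option by delete_mx.
my $label = qr/[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/;
# A hostname: one or more labels joined by dots; total length is checked separately.
my $hostname_re = qr/\A(?:$label\.)*$label\z/;

sub valid_hostname {
    my ($name) = @_;
    return defined $name
        && length($name) <= 253
        && $name =~ $hostname_re;
}

my $host_name   = $cgi->param('host_name');
my $domain_name = $cgi->param('domain_name');

# Allow-list check first: anything that is not a plain hostname is refused outright.
unless (valid_hostname($domain_name) && valid_hostname($host_name)) {
    print $cgi->header(-status => '400 Bad Request', -type => 'text/plain');
    print "invalid host or domain name\n";
    exit 0;
}

# List-form system(): the arguments go to execve() directly, no /bin/sh is involved,
# so quotes, semicolons or backticks in a parameter can never start a second command.
my $rc = system('/usr/local/dnstools/delete_mx', '-d', $domain_name, '-n', $host_name);

my $error_description = '';
if ($rc == -1) {
    $error_description = "could not run delete_mx: $!";
} elsif ($rc != 0) {
    $error_description = 'delete_mx failed with exit status ' . ($rc >> 8);
}

print $cgi->header(-type => 'text/plain');
print $error_description eq '' ? "ok\n" : "$error_description\n";
```

The two measures are complementary rather than alternatives: the list form of system() removes the shell from this script, but the helper it runs may itself be a shell script or build further command lines, so the strict allow-list on the parameters is what limits what can reach it. The same pattern applies to each of the other CGI scripts the post describes, since they share this prologue.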