[18333] in bugtraq
Re: BS Scripts Vulnerabilities
daemon@ATHENA.MIT.EDU (Raptor)
Fri Dec 22 18:51:54 2000
Message-ID: <Pine.LNX.4.30.0012221310260.181-100000@hacaro.rewt.mil>
Date: Fri, 22 Dec 2000 13:15:39 +0100
Reply-To: Raptor <raptor@ANTIFORK.ORG>
From: Raptor <raptor@ANTIFORK.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20001221071931.28726.qmail@securityfocus.com>
I believe it's important to point out that just filtering out the ';' char
doesn't fix the problem. Think about using '&' or '&&' instead of it...
Some time ago I had an experience with a vendor I informed of a CGI bug:
they fixed the ';' problem in a lame way, so it was still possible to use
other chars to execute arbitrary commands.
I really think people should learn regexes before coding a CGI script and
use them in a way that what is not explicitly accepted is denied (like in
good firewall policies). Much safer :)
:raptor
On Thu, 21 Dec 2000 rivendell_team@YAHOO.COM wrote:
> There are a couple of scripts from bsScripts
> (www.stanback.net), that have holes in them
> because the author did not filter out ; from the form
> input. The scripts that this affects are bsguest (a
> guestbook script) and bslist (a mailing list script).
> The hole allows anyone to execute commands on the
> server. The author has been informed and the holes
> are now patched in the latest release.
Antifork Research, Inc. @ Mediaservice.net Srl
http://raptor.antifork.org http://www.mediaservice.net
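The point made in the reply above, as an added Python example that is not code from bsScripts or from the poster: a filter that only strips ';' still lets other shell metacharacters reach the shell, while a default-deny regex accepts only the shape the field needs and rejects everything else. The form inputs and the e-mail pattern below are constructed for illustration.

```python
import re

# Constructed sample values for an e-mail address field of the kind a
# guestbook or mailing-list CGI would receive. Only the first is benign;
# the rest append a command separator to the address.
SAMPLE_INPUTS = [
    "alice@example.org",        # benign
    "alice@example.org;id",     # the ';' case the vendor patched
    "alice@example.org&id",     # '&' also separates commands
    "alice@example.org&&id",    # so does '&&'
    "alice@example.org|id",     # and a pipe
]

# Characters /bin/sh treats specially; used only to detect what a weak
# filter lets through, never to build a command.
SHELL_META = set(";&|`$\n<>()")

def denylist_filter(value: str) -> str:
    """The 'lame' fix: strip only ';' and pass everything else on."""
    return value.replace(";", "")

# Allowlist: state exactly what an address may look like (a constructed,
# deliberately simple pattern); anything not matching is denied.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

def allowlist_accepts(value: str) -> bool:
    """Default-deny validation: accept the input only if the whole value matches."""
    return EMAIL_RE.fullmatch(value) is not None

def survives_denylist(value: str) -> bool:
    """True if a shell metacharacter remains after the ';'-only filter."""
    return any(c in SHELL_META for c in denylist_filter(value))

def compare(inputs=SAMPLE_INPUTS):
    """Return (inputs that still carry metacharacters past the ';' filter,
    inputs the allowlist accepts)."""
    leaked = [v for v in inputs if survives_denylist(v)]
    accepted = [v for v in inputs if allowlist_accepts(v)]
    return leaked, accepted

if __name__ == "__main__":
    leaked, accepted = compare()
    print("slip past the ';'-only filter:", leaked)
    print("pass the allowlist:", accepted)
```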