![[LWN Logo]](/images/lcorner.png) |
|
![[Timeline]](/images/Included.png) |
Date: Fri, 5 Jan 2001 13:06:57 +0100
From: Marco van Berkum <m.v.berkum@OBIT.NL>
Subject: Metacharacterbug in Fastgraf whois.cgi
To: BUGTRAQ@SECURITYFOCUS.COM
Metacharacterbug in the Fastgraf whois.cgi perlscript
-----------------------------------------------------
Author : Fastgraf (c) All rights reserved.
url : http://www.fastgraf.com
realeasedate : 03/01/99
Problem:
The whois.cgi script of Fastgraf has almost no metacharcterchecking
which enables attackers to execute commands as uid of the webserver.
The metacharcterbug in the script:
$FORM{'host'} =~ s/(\;)//g;
As you can see only the ";" gets deleted. So attackers are still able
to use pipes, redirectioncharacters and so on.
Solution:
Change the filtering to:
$FORM{'host'} =~ s/(\W)/\\$1/g;
The author has been notified to correct this problem.
grtz,
Marco van Berkum
------------------------------------------------------------
Sex is like hacking. You get in, you get out,
and you hope you didn't leave something behind
that can be traced back to you.
Marco van Berkum, System Operator/Security Analyst OBIT b.v.
RIPEHANDLE: MB17300-RIPE