Vulnerability
Clipper
Affected
Anaconda Clipper 3.3 (probably others)
Description
Following is based on a UkR security team Advisory no. 11. The '..'
and '/' sequences are not filtered while processing user input, so it is
possible to pass arbitrary values in the template parameter to retrieve
files from the remote server that should not normally be accessible (for
example, /etc/passwd). Example:
http://blah.somenonexistanthost.com/cgi-bin/anacondaclip.pl?template=../../../../../../../../../../../../../../../../../../etc/passwd
Solution
This will help somewhat (the original one-liner used a character class, which stripped every '.', '(', ')', '|' and '/' individually; the form below removes the '..' and '/' sequences that the traversal relies on):
$input =~ s{\.\.|/}{}g;   # strip every '..' and '/' from the template parameter
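Stripping characters is a blocklist; the more robust fix is to allowlist the template name and then verify that the canonicalised path still lies under the template directory. The following is an added Python illustration, not code from Clipper or from the advisory; the template directory, the ".html" suffix and the function names are assumptions.

```python
import os
import re
from typing import Optional

# Assumed location of the CGI's template files (constructed for this example).
TEMPLATE_DIR = "/var/www/clipper/templates"

# Allowlist: a template name is a single path component of safe characters.
_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def advisory_filter(value: str) -> str:
    """Python port of the advisory's Perl fix s{\\.\\.|/}{}g.

    It removes every '..' and '/' sequence in one left-to-right pass, so no
    directory separator survives, but it does not otherwise validate the name.
    """
    return re.sub(r"\.\.|/", "", value)


def resolve_template(name: str, base: str = TEMPLATE_DIR) -> Optional[str]:
    """Return the absolute template path, or None if the name is rejected.

    Two independent checks: an allowlist on the raw parameter, then a
    containment check on the canonicalised path so that '..', absolute
    paths or a symlink inside the directory cannot escape the base.
    """
    if not _NAME_RE.fullmatch(name):
        return None
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, name + ".html"))
    # realpath collapses '..' and follows symlinks; the result must stay under base.
    if os.path.commonpath([base_real, candidate]) != base_real:
        return None
    return candidate


if __name__ == "__main__":
    # The traversal value from the advisory is rejected outright.
    print(resolve_template("../../../../../../../../etc/passwd"))
    print(resolve_template("main"))
```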