Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Apps :: fastgraf.htm

Fastgraf CGI colllection - no meta character checking



Vulnerability

    whois.cgi, ping.cgi, traceroute.cgi and finger.cgi

Affected

    Fastgraf CGI colllection

Description

    Marco  van  Berkum  found  following.   The  whois.cgi  script  of
    Fastgraf  has   almost  no   metacharcterchecking  which   enables
    attackers  to  execute  commands  as  uid  of  the webserver.  The
    metacharcterbug in the script:

        $FORM{'host'} =~ s/(\;)//g;

    As you can see only the ";" gets deleted.  So attackers are  still
    able to use pipes, redirectioncharacters and so on.

    ping.cgi, traceroute.cgi and finger.cgi have the same bug.

Solution

    Change the filtering to:

        $FORM{'host'} =~ s/(\W)/\\$1/g;

    The author has been notified to correct this problem.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH