Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Apps :: viewsr~1.htm

viewsrc.cgi - view any file on server



Vulnerability

    viewsrc.cgi

Affected

    viewsrc.cgi 2.0

Description

    Joe  Testa  found  following.   viewsrc.cgi  v2.0 is a source-code
    viewing CGI script.  A vulnerability exists which allows a  remote
    user to view any file on the server.

    The following URL demonstrates the problem:

        http://localhost/cgi-bin/viewsrc.cgi?loc=../[any file outside restricted directory]

Solution

    Apply the following patch to viewsrc.cgi:

    53a54,56
    > $FORM{'loc'} =~ s/\.\.//g;
    > $FORM{'loc'} =~ s/\\//g;
    > $FORM{'loc'} =~ s/\///g;
    65c68
    <          open (INHTML, "$predo") or die &err_loc;
    ---
    >          open (INHTML, "<$predo") or die &err_loc;

    This  patch  removes  any  '..',  '/',  or  '\'s  present  in  the
    $FORM{'loc'} variable.  It also makes the open() command safer  by
    using the '<' read-only specifier.

    Official fix expected.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH