Home page logo
/

bugtraq logo Bugtraq mailing list archives

Metacharacterbug in Fastgraf whois.cgi
From: Marco van Berkum <m.v.berkum () obit nl>
Date: Fri, 5 Jan 2001 13:06:57 +0100

Metacharacterbug in the Fastgraf whois.cgi perlscript
-----------------------------------------------------

Author            : Fastgraf (c) All rights reserved.
url                   : http://www.fastgraf.com
realeasedate  : 03/01/99

Problem:
The whois.cgi script of Fastgraf has almost no metacharcterchecking
which enables attackers to execute commands as uid of the webserver.

The metacharcterbug in the script:

   $FORM{'host'} =~ s/(\;)//g;

As you can see only the ";" gets deleted. So attackers are still able
to use pipes, redirectioncharacters and so on.

Solution:

Change the filtering to:

   $FORM{'host'} =~ s/(\W)/\\$1/g;

The author has been notified to correct this problem.

grtz,
Marco van Berkum
------------------------------------------------------------
Sex is like hacking. You get in, you get out,
and you hope you didn't leave something behind
that can be traced back to you.

Marco van Berkum, System Operator/Security Analyst OBIT b.v.
RIPEHANDLE: MB17300-RIPE


  By Date           By Thread  

Current thread:
  • Metacharacterbug in Fastgraf whois.cgi Marco van Berkum (Jan 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault