Title: Metacharacter bug in the Fastgraf whois.cgi Perl script
Released by: Marco van Berkum
Date: 5th January 2001
Metacharacter bug in the Fastgraf whois.cgi Perl script

-----------------------------------------------------



Author       : Fastgraf (c) All rights reserved.
URL          : http://www.fastgraf.com
Release date : 03/01/99



Problem:

The whois.cgi script of Fastgraf has almost no metacharacter checking,
which enables attackers to execute commands with the uid of the web server.



The metacharacter bug in the script:



   $FORM{'host'} =~ s/(\;)//g;



As you can see, only the ";" gets deleted, so attackers are still able
to use pipes, redirection characters and so on.



Solution:



Change the filtering to:



   $FORM{'host'} =~ s/(\W)/\\$1/g;



The author has been notified to correct this problem.



-----------

ping.cgi, traceroute.cgi and finger.cgi have the same bug ;)

-----------



grtz,

Marco van Berkum

------------------------------------------------------------

Sex is like hacking. You get in, you get out,

and you hope you didn't leave something behind

that can be traced back to you.



Marco van Berkum, System Operator/Security Analyst OBIT b.v.

RIPEHANDLE: MB17300-RIPE
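
The filters compared side by side, as an added example that is not part of the original advisory or of Fastgraf's code: the original ";" removal, the advisory's backslash escaping, and a stricter allowlist paired with an invocation that never goes through a shell. The subroutine names, the allowlist pattern and the sample inputs are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Filter found in whois.cgi per the advisory: only ';' is removed.
sub filter_original { my ($h) = @_; $h =~ s/(\;)//g; return $h }

# Filter proposed in the advisory: backslash-escape every non-word character.
sub filter_escaped { my ($h) = @_; $h =~ s/(\W)/\\$1/g; return $h }

# Allowlist check (assumption, not from the advisory): letters, digits, dots
# and hyphens only, starting with a letter or digit so the value can never be
# read as a command-line option. Returns the host, or undef if rejected.
sub validate_host {
    my ($h) = @_;
    return undef unless defined $h && length($h) <= 253;
    return $h =~ /\A([A-Za-z0-9][A-Za-z0-9.-]*)\z/ ? $1 : undef;
}

# List-form pipe open: whois is executed directly and the host is passed as a
# single argv entry, so no shell ever parses it. Not called below, so the
# script runs offline.
sub run_whois {
    my ($host) = @_;
    open(my $fh, '-|', 'whois', $host) or die "cannot run whois: $!";
    local $/;                      # slurp all output at once
    my $out = <$fh>;
    close $fh;
    return $out;
}

# Constructed sample values for the 'host' form field.
my @samples = ('example.com', 'example.com;x', 'example.com|x',
               'example.com > x', "example.com\nx", '-h example.com');

printf "%-18s %-18s %-24s %s\n", 'input', 'original', 'escaped', 'allowlist';
for my $in (@samples) {
    my @cols = ($in, filter_original($in), filter_escaped($in),
                validate_host($in) // 'REJECTED');
    s/\n/<LF>/g for @cols;         # keep each row on one line
    printf "%-18s %-18s %-24s %s\n", @cols;
}
```

The same validation and list-form invocation apply to ping.cgi, traceroute.cgi and finger.cgi, which the advisory says share the bug.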







