Title: Metacharacterbug in the Fastgraf whois.cgi perlscript
Released by: Marco van Berkum
Date: 5th January 2001


Author      : Fastgraf (c) All rights reserved.
url         : http://www.fastgraf.com
releasedate : 03/01/99


The whois.cgi script of Fastgraf does almost no metacharacter checking,
which enables attackers to execute commands with the uid of the web server.

The metacharacter bug in the script:

   $FORM{'host'} =~ s/(\;)//g;

As you can see, only the ";" gets deleted, so attackers are still able
to use pipes, redirection characters and so on.


Change the filtering to:

   $FORM{'host'} =~ s/(\W)/\\$1/g;

The author has been notified to correct this problem.


ping.cgi, traceroute.cgi and finger.cgi have the same bug ;)



Marco van Berkum


Sex is like hacking. You get in, you get out,
and you hope you didn't leave something behind
that can be traced back to you.

Marco van Berkum, System Operator/Security Analyst OBIT b.v.
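
A stricter alternative to escaping the host parameter, added here as an example (not code from the advisory or from Fastgraf): accept only hostname-shaped input and run whois without a shell, so metacharacters are never interpreted. The names valid_host and run_whois are hypothetical, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example, not Fastgraf's code. valid_host() and run_whois() are
# hypothetical names; the sample inputs at the bottom are constructed.

# Allowlist: dot-separated labels of letters, digits and hyphens, each
# starting with a letter or digit. \A and \z anchor the whole string, so a
# trailing newline is rejected too (a bare $ would let it through).
sub valid_host {
    my ($host) = @_;
    return 0 unless defined $host && length($host) <= 253;
    my $label = qr/[A-Za-z0-9][A-Za-z0-9-]{0,62}/;
    return $host =~ /\A$label(?:\.$label)*\z/ ? 1 : 0;
}

# Run whois with the list form of a piped open: the arguments are passed
# to exec directly and no shell ever parses them.
sub run_whois {
    my ($host) = @_;
    die "invalid host\n" unless valid_host($host);
    open(my $fh, '-|', 'whois', $host) or die "cannot run whois: $!\n";
    my @out = <$fh>;
    close($fh);
    return @out;
}

# Offline demonstration: show the validation decision, do not call whois.
unless (caller) {
    my @samples = (
        'example.com', '192.0.2.10',          # expected: accepted
        'example.com|date', 'example.com>f',  # pipe, redirection
        'a;b', '-h', "example.com\n", '',     # other rejected shapes
    );
    for my $s (@samples) {
        (my $shown = $s) =~ s/\n/\\n/g;
        printf "%-20s %s\n", "'$shown'", valid_host($s) ? 'accepted' : 'rejected';
    }
}
```

Because the leading character must be a letter or digit, input such as "-h" cannot be read by whois as an option. The same validation and list-form call apply to the ping, traceroute and finger scripts named above.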

