JJ sample CGI program Escape Character Vulnerability
BID:2002
Info
| Bugtraq ID: | 2002 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Dec 24 1996 12:00AM |
| Updated: | Dec 24 1996 12:00AM |
| Credit: | Posted to BugTraq on December 24, 1996 by Aleph One < [email protected] > |
| Vulnerable: | Rob McCool jj.c 1.0 |
| Not Vulnerable: | |
Discussion
JJ is a sample CGI program distributed with NCSA HTTPd servers. It passes unfiltered user data directly to the /bin/mail program, and as such can be used to escape to a shell using the ~ character on systems with a /bin/mail which allows this. The attacker must know the password the program requests, but by default the program uses HTTPdRocKs or SDGROCKS. These default passwords must be changed in the program's source code. The consequence of a successful exploit is a shell with the UID of the server.
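For CGI code that still has to hand form text to a mailer on standard input, the input-validation gap described above can be closed by making sure no line of user data starts with `~`. The following is an added example, not code from jj.c or NCSA HTTPd; the function name `neutralize_tilde` and the sample field are hypothetical, and it assumes the mailer only interprets a tilde in the first column of a line.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy `in` to `out`, inserting one space before any '~' that would land at
 * the start of a line, so a mailer reading the text on stdin never sees a
 * tilde in column 0. '\r' is treated as a line break too, to be conservative.
 * Returns the output length, or -1 if `out` is too small (out is then left
 * as an empty string so a truncated message is never sent). */
long neutralize_tilde(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    int at_line_start = 1;

    if (outsz == 0)
        return -1;
    for (; *in != '\0'; in++) {
        size_t need = (at_line_start && *in == '~') ? 2 : 1;
        if (o + need >= outsz) {          /* keep room for the NUL */
            out[0] = '\0';
            return -1;
        }
        if (need == 2)
            out[o++] = ' ';
        out[o++] = *in;
        at_line_start = (*in == '\n' || *in == '\r');
    }
    out[o] = '\0';
    return (long)o;
}

int main(void)
{
    /* Constructed sample of a decoded form field; not taken from jj.c. */
    const char *field = "~leading\nplain ~ inside\r\n~second\n";
    char safe[128];

    if (neutralize_tilde(field, safe, sizeof safe) < 0)
        return 1;                         /* refuse oversized input */
    fputs(safe, stdout);                  /* this is what would go to the mailer */
    return 0;
}
```

Run the filter after URL-decoding the form data, since the decoded bytes are what reach the mailer.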
Exploit / POC
See discussion.
Solution / Fix
Solution:
Remove the offending program jj from /cgi-bin