[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: lastlines.cgi path traversal and command execution vulns
From: "BrainRawt ." <brainrawt () hotmail ! com>
Date: 2001-12-30 18:27:29
[Download RAW message or body]
Lastlines.cgi path traversal and command execution vulnerabilities
discovered by BrainRawt.
I wasn't planning on submitting this to bugtraq for its not a
widely used cgi but it is still available for download and some
people may be using it.
lastlines.cgi is a script coded by David Powell that allows
a user to view the contents of a logfile specified by the user.
# $unixdir="path/here";
# $error_log is input by the user of the script.
open(FILE, "$unix_dir/$error_log"
This script inproperly filters in the input allowing the traditional
"../../../../../" path traversal chars in return allowing the user
to leave the hard coded $unix_dir and view any file readable by
the webserver.
EX:../../../../../../etc/motd
This script is also missing a "<" in the open() function which
will allow us to execute any command on that remote server that the
webserver has permission to execute.
EX: path/to/error_log;command arg1|
Note: The author has been notified but hasnt replied.
_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail.
http://www.hotmail.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic