Ralf S. Engelschall ePerl 2.2.12 Handling of ISINDEX Query Vulnerability

1998-07-06T00:00:00
ID EDB-ID:19120
Type exploitdb
Reporter Luz Pinto
Modified 1998-07-06T00:00:00

Description

Ralf S. Engelschall ePerl 2.2.12 Handling of ISINDEX Query Vulnerability. CVE-1999-1437. Remote exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/151/info

A bug exists in ePerl's handling of the ISINDEX queries. When ISINDEX is used, the query is passed on the command line by the web server. This would allow an attacker to execute arbitrary code via the ePerl interpreter, with none of the restrictions enforced normally. In addition, this allows for the execution of any code on the file system.

1) Place perl code on filesystem. This could be done via a writeable directory on anonymous ftp.
2) Determine (or guess) the path to the code to be executed.
3) Run code via an appropriate cgi-bin program:
http://foo.com/some/dir/doit.phtml?/home/ftp/incoming/executemycode.phtml