{"edition": 1, "title": "Avi Alkalay contribute.cgi/contribute.pl template Variable Arbitrary File Retrieval", "bulletinFamily": "software", "published": "2005-09-12T00:06:15", "lastseen": "2017-04-28T13:20:16", "history": [], "modified": "2005-09-12T00:06:15", "reporter": "Sullo(sullo@cirt.net)", "hash": "7193b3dc3b90a1e138f3b72142550364c1be52034db4e396a979aeaf638f22f7", "viewCount": 0, "href": "https://vulners.com/osvdb/OSVDB:19522", "description": "## Vulnerability Description\nCelular contribute.cgi or contribute.pl scripts contains a flaw that allows a remote attacker to traverse outside of the web path. The issue is due to the contribute.pl or contribute.cgi script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the template variable. It's possible that multiple files can be read via the contribdir variable.\n## Technical Description\ncontribute.cgi and contribute.pl are the same CGI program with different file extensions. One may be installed as \"Celular\" and one as \"Contribute\".\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nCelular contribute.cgi or contribute.pl scripts contains a flaw that allows a remote attacker to traverse outside of the web path. The issue is due to the contribute.pl or contribute.cgi script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the template variable. It's possible that multiple files can be read via the contribdir variable.\n## Manual Testing Notes\nhttp://[victim]/cgi-bin/contribute.pl?template=/etc/passwd&contribdir=.\nhttp://[victim]/cgi-bin/contribute.cgi?template=/etc/passwd&contribdir=.\n## References:\nVendor URL: http://www.alkalay.net/software/\n[Secunia Advisory ID:16895](https://secuniaresearch.flexerasoftware.com/advisories/16895/)\n[Related OSVDB ID: 19520](https://vulners.com/osvdb/OSVDB:19520)\n[Related OSVDB ID: 19521](https://vulners.com/osvdb/OSVDB:19521)\n[Related OSVDB ID: 19519](https://vulners.com/osvdb/OSVDB:19519)\n[Related OSVDB ID: 19879](https://vulners.com/osvdb/OSVDB:19879)\nOther Advisory URL: http://www.cirt.net/advisories/alkalay.shtml\n", "affectedSoftware": [{"name": "contribute.cgi", "version": "16 Jun 2002", "operator": "eq"}, {"name": "contribute.pl", "version": "16 Jun 2002", "operator": "eq"}], "type": "osvdb", "hashmap": [{"key": "affectedSoftware", "hash": "f92f475a10e3716c45aacf56defb083b"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "d39e37d9d5afdb9a392540d6d2021e00"}, {"key": "href", "hash": "7805cb595bebf393587057c29fb19de5"}, {"key": "modified", "hash": "b049bdc88f1da8839ed3c2a0d719e725"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "b049bdc88f1da8839ed3c2a0d719e725"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "65432e349a5db491a3b260b8bdfb20f4"}, {"key": "title", "hash": "defced618fcdb1d4c7df4f69750a5193"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "references": [], "objectVersion": "1.2", "enchantments": {"score": {"value": 1.4, "vector": "NONE", "modified": "2017-04-28T13:20:16"}, "dependencies": {"references": [], "modified": "2017-04-28T13:20:16"}, "vulnersScore": 1.4}, "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": [], "id": "OSVDB:19522"}

{}