Avi Alkalay contribute.cgi/contribute.pl contribdir Variable Arbitrary File Overwrite

2005-10-08T00:00:00
ID OSVDB:19879
Type osvdb
Reporter Steven M. Christey (coley@mitre.org)
Modified 2005-10-08T00:00:00

Description

Vulnerability Description

The Celular contribute.cgi and contribute.pl scripts contain a flaw that allows a remote attacker to overwrite arbitrary files. The issue is due to the contribute.pl or contribute.cgi script not properly sanitizing user input, specifically values supplied via the contribdir variable.

Technical Description

contribute.cgi and contribute.pl are the same CGI program with different file extensions. One may be installed as "Celular" and one as "Contribute".

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
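The following is an added illustration, not code from the contribute.pl/contribute.cgi distribution or from the OSVDB record, of the input check a maintainer would apply to a directory parameter like contribdir before it reaches any filesystem call. The base directory, the function name and the sample inputs are assumptions made for the example.

```perl
#!/usr/bin/perl
# Added illustration (not from the contribute.pl/contribute.cgi distribution):
# validate a directory parameter such as "contribdir" before it is used in any
# filesystem operation. BASE_DIR and safe_contrib_dir are assumed names.
use strict;
use warnings;
use File::Spec;

# Directory under which contributions may be written (assumed path).
use constant BASE_DIR => '/var/www/contrib';

# Return the canonical absolute path for an allowed contribdir value, or undef
# if the value must be rejected.
sub safe_contrib_dir {
    my ($contribdir) = @_;
    return undef unless defined $contribdir;

    # Reject NUL bytes outright: the C-level open() stops at the first NUL, so
    # "targetfile\0suffix" would silently become "targetfile".
    return undef if $contribdir =~ /\0/;

    # Allow only a single simple directory name: letters, digits, dash, underscore.
    # This rules out "/", "..", and any other traversal or absolute-path form.
    return undef unless $contribdir =~ /\A[A-Za-z0-9_-]{1,64}\z/;

    my $path = File::Spec->catdir(BASE_DIR, $contribdir);
    # Belt and braces: the resulting path must still sit directly under BASE_DIR.
    return undef unless index($path, BASE_DIR . '/') == 0;
    return $path;
}

# Self-check with constructed inputs when run directly (not as a module).
unless (caller) {
    my %cases = (
        'photos'         => 'accepted',
        "etc/passwd\0"   => 'rejected',   # NUL truncation attempt
        '../../etc/motd' => 'rejected',   # traversal attempt
        '/tmp'           => 'rejected',   # absolute path
    );
    for my $input (sort keys %cases) {
        my $printable = $input;
        $printable =~ s/\0/\\0/g;
        my $result = defined safe_contrib_dir($input) ? 'accepted' : 'rejected';
        printf "%-18s %s (expected %s)\n", $printable, $result, $cases{$input};
    }
}
```

In a CGI script the value would come from `CGI->new->param('contribdir')` and every open(), mkdir() or unlink() would use only the path returned by safe_contrib_dir, never the raw parameter. An allow-list of characters is preferred over stripping NUL bytes or ".." sequences, because a strip-based filter has to anticipate every encoding the web server or Perl might decode before the check runs.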

Manual Testing Notes

http://[victim]/cgi-bin/contribute.pl?contribdir=<targetfile>\00
http://[victim]/cgi-bin/contribute.cgi?contribdir=<targetfile>\00

References:

Vendor URL: http://www.alkalay.net/software/
Secunia Advisory ID: 16895
Related OSVDB ID: 19520
Related OSVDB ID: 19521
Related OSVDB ID: 19519
Related OSVDB ID: 19522
Other Advisory URL: http://osvdb.org/ref/19/19879-christey.txt
CVE-2005-3097