Jason Maloney Guestbook Arbitrary Command Execution

2003-12-01T04:23:29
ID OSVDB:2889
Type osvdb
Reporter OSVDB
Modified 2003-12-01T04:23:29

Description

Vulnerability Description

The vulnerability occurs in the routine that reads user input and converts it from hexadecimal. That routine assigns a value to every variable name supplied in the HTTP POST request (guestbook posts are submitted by POST), so an attacker can send a hand-crafted POST request that executes arbitrary commands on the server.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: replace the vulnerable code in the guestbook so that it checks the values of the important variables after user input has been read. Sample code is available.
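The flaw described above and the workaround recommended here, as an added illustration that is not the guestbook's own code or the sample code the advisory refers to. It assumes the common CGI pattern of decoding %XX form input and writing each submitted name into the script's variables; the configuration names, allowed fields and request body are constructed for the example.

```python
import re

# Script settings that the browser must never control (constructed example values).
CONFIG = {
    "guestbook_file": "/var/www/data/guestbook.html",
    "mail_program": "/usr/sbin/sendmail",
}

# The only fields the guestbook form actually submits (assumed set).
ALLOWED_FIELDS = {"name", "email", "comment"}


def decode_hex(value: str) -> str:
    """Undo form encoding: '+' becomes a space and %XX becomes the byte it names."""
    value = value.replace("+", " ")
    return re.sub(r"%([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def parse_post_unsafe(body: str, variables: dict) -> dict:
    """The flawed pattern: every submitted name is written straight into the
    script's variable table, so a request can silently replace configuration."""
    for pair in body.split("&"):
        name, _, value = pair.partition("=")
        variables[decode_hex(name)] = decode_hex(value)
    return variables


def parse_post_safe(body: str) -> dict:
    """Hardened form: decode into a separate dict and keep only known fields."""
    form = {}
    for pair in body.split("&"):
        name, _, value = pair.partition("=")
        name = decode_hex(name)
        if name not in ALLOWED_FIELDS:
            continue  # unexpected field: drop it, never let it name a variable
        form[name] = decode_hex(value)
    return form


def config_intact(variables: dict) -> bool:
    """The advisory's workaround: re-check the important variables after input
    has been read, and refuse to continue if any of them changed."""
    return all(variables.get(k) == v for k, v in CONFIG.items())
```

Running `config_intact` after the unsafe parser shows the check catching the overwrite; with the safe parser the configuration is never reachable from the request at all.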


References:

Secunia Advisory ID: 10336
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-11/0356.html
ISS X-Force ID: 13886
Bugtraq ID: 9139