RNN Guestbook gbadmin.cgi Execute Remote Command

2003-11-26T05:40:08
ID OSVDB:2913
Type osvdb
Reporter OSVDB
Modified 2003-11-26T05:40:08

Description

Vulnerability Description

A remote attacker with administrative access to the guestbook can use the gbadmin.cgi script's ?action parameter to set the "entry file" variable to a string containing arbitrary commands, which the script then executes. This allows the attacker to run commands remotely with the privileges of the web server process.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. The flaw can be mitigated by disabling all access to the guestbook scripts until a patch or upgrade is made available.

Short Description

A remote attacker with administrative access to the guestbook can use the gbadmin.cgi script's ?action parameter to set the "entry file" variable to a string containing arbitrary commands, which the script then executes. This allows the attacker to run commands remotely with the privileges of the web server process.

Manual Testing Notes

Change the guestbook entry file path to: /etc/passwd;touch /tmp/hacked|
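The trailing "|" in the testing note above is what turns a file path into a command: a CGI script that passes an administrator-supplied path straight to a file-open call (in Perl, for instance, the two-argument open() treats a trailing pipe as a command pipeline) will run whatever precedes it. The Python below is an added example, not code from RNN Guestbook or from this advisory. It shows the validation such a script should apply to the entry-file setting before using it (reject shell metacharacters, confine the path to one directory, accept only the expected file type), together with a small scan over constructed web-server log lines that flags gbadmin.cgi requests whose query string carries shell metacharacters. The data directory, the setfile/file parameter names and the log lines are assumptions constructed for the example; the advisory does not name the script's real parameter.

```python
import re
from pathlib import Path
from urllib.parse import unquote, urlsplit

# Assumed location of the guestbook's data directory (not from the advisory).
GUESTBOOK_DIR = Path("/var/www/guestbook/data")

# Characters that a shell, or Perl's two-argument open(), would treat as operators.
SHELL_META = re.compile(r"[;|&`$<>\n\r]")


def validate_entry_file(value: str, base: Path = GUESTBOOK_DIR) -> Path:
    """Return a safe absolute path for the 'entry file' setting, or raise ValueError."""
    if not value or "\0" in value:
        raise ValueError("empty value or embedded NUL byte")
    if SHELL_META.search(value):
        raise ValueError("entry file contains shell metacharacters")
    # Joining an absolute value replaces base entirely, so /etc/passwd is caught
    # by the containment check below; resolve() collapses any ../ components.
    candidate = (base / value).resolve()
    if base.resolve() not in candidate.parents:
        raise ValueError("entry file escapes the guestbook data directory")
    if candidate.suffix != ".txt":
        raise ValueError("entry file must be a .txt file")
    return candidate


def is_safe_entry_file(value: str, base: Path = GUESTBOOK_DIR) -> bool:
    """Boolean wrapper around validate_entry_file for callers that only need accept/reject."""
    try:
        validate_entry_file(value, base)
        return True
    except ValueError:
        return False


# Constructed access-log lines in common log format; the second one carries the
# advisory's test payload URL-encoded in an assumed 'file' parameter.
SAMPLE_LOG = [
    '10.0.0.5 - - [26/Nov/2003:05:40:08 +0000] "GET /cgi-bin/gbadmin.cgi?action=view HTTP/1.0" 200 512',
    '10.0.0.9 - - [26/Nov/2003:05:41:12 +0000] "GET /cgi-bin/gbadmin.cgi?action=setfile'
    '&file=%2Fetc%2Fpasswd%3Btouch%20%2Ftmp%2Fhacked%7C HTTP/1.0" 200 88',
    '10.0.0.7 - - [26/Nov/2003:05:42:00 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP')


def suspicious_requests(log_lines):
    """Return (client, request_target) pairs for gbadmin.cgi hits with shell metacharacters in the query."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("gbadmin.cgi"):
            continue
        # Decode percent-encoding so %3B and %7C are seen as ';' and '|'.
        if SHELL_META.search(unquote(parts.query)):
            hits.append((client, target))
    return hits


if __name__ == "__main__":
    for value in ("entries.txt", "/etc/passwd;touch /tmp/hacked|", "../../etc/passwd"):
        print(f"{value!r}: {'accepted' if is_safe_entry_file(value) else 'rejected'}")
    for client, target in suspicious_requests(SAMPLE_LOG):
        print(f"suspicious gbadmin.cgi request from {client}: {target}")
```

The containment check uses resolved paths on both sides so that a symlinked data directory compares consistently, and the metacharacter test runs on the raw value before any path handling, so a payload is rejected before it can reach a file-open or shell call.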

References:

Secunia Advisory ID: 10306
Related OSVDB ID: 2873
ISS X-Force ID: 13862
Generic Informational URL: http://packetstormsecurity.nl/0311-exploits/rnnguest12.txt
Bugtraq ID: 9116