FileSeek FileSeek2.cgi Arbitrary Command Execution

2002-04-16T00:00:00
ID OSVDB:3588
Type osvdb
Reporter N|ghtHawk(nighthawk@hackers4hackers.nl)
Modified 2002-04-16T00:00:00

Description

Vulnerability Description

FileSeek contains a flaw that allows a remote attacker to execute arbitrary commands. The issue is due to the FileSeek2.cgi script not properly sanitizing input supplied to the "head" and "foot" variable. By supplying special characters and a valid unix command, the script will execute it with the privileges of the web server.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, the vulnerability discoverer has released a patch in the advisory to address this vulnerability.

Short Description

FileSeek contains a flaw that allows a remote attacker to execute arbitrary commands. The issue is due to the FileSeek2.cgi script not properly sanitizing input supplied to the "head" and "foot" variable. By supplying special characters and a valid unix command, the script will execute it with the privileges of the web server.

Manual Testing Notes

http://[victim]/cgi-bin/FileSeek2.cgi?head=&foot=;id| http://[victim]/cgi-bin/FileSeek2.cgi?head=;id|&foot= http://[victim]/cgi-bin/FileSeek2.cgi?head=&foot=|id| http://[victim]/cgi-bin/FileSeek2.cgi?head=|id|&foot=

References:

Vendor URL: http://www.cgi-perl.com/programs/FileSeek/ Related OSVDB ID: 3589 Related OSVDB ID: 3587 Other Advisory URL: http://www.dsinet.org/textfiles/advisories/FileSeek-advisory.txt Other Advisory URL: http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0132.html ISS X-Force ID: 8857 Bugtraq ID: 6783