Alibaba tst2.bat Arbitrary Command Execution

2000-07-18T00:00:00
ID OSVDB:5975
Type osvdb
Reporter Prizm (prizm@resentment.org)
Modified 2000-07-18T00:00:00

Description

Vulnerability Description

Alibaba Web Server contains a flaw that may allow a remote attacker to execute arbitrary commands. The tst2.bat CGI script does not sanitize the input it receives from the request, so a pipe character (|) appended to the script name in the URL is passed through to the command interpreter, which treats it as a command separator. An attacker who supplies a carefully crafted URL can therefore run additional commands on the server.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: remove the tst2.bat script from the web server's cgi-bin directory, then confirm that a request for /cgi-bin/tst2.bat no longer succeeds.

Short Description

Alibaba Web Server's tst2.bat CGI script does not sanitize request input, allowing a remote attacker to execute arbitrary commands via a crafted URL.

Manual Testing Notes

Overwrite an arbitrary file (%20 is the URL-encoded space): http://[victim]/cgi-bin/tst2.bat|echo%20>c:\arbitrary.txt

Obtain a directory listing: http://[victim]/cgi-bin/tst2.bat|dir%20c:\
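Both requests above use the same primitive: the URL path names /cgi-bin/tst2.bat and then appends a pipe (| or its URL-encoded form %7C) followed by the attacker's command, with %20 standing in for spaces. Detecting attempts in access logs therefore comes down to spotting a request path in which a .bat or .cmd script name is followed by a shell metacharacter. The Python below is an added example, not part of the OSVDB record or of the Alibaba product; it URL-decodes the request target from constructed NCSA-format access-log lines and flags exactly that pattern, while ignoring metacharacters that appear only in a query string to a non-batch script. The log lines are constructed for the example, and the log format and the metacharacter set are assumptions.

```python
import re
from urllib.parse import unquote

# Characters the Windows command interpreter treats as command separators or
# redirections. Assumption for this example: these are the ones worth flagging.
SHELL_META = frozenset("|&<>")

# NCSA common log format, the layout assumed for the sample lines below.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>\S+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)

# Constructed sample access-log lines, not taken from any real server. Lines 2 and 3
# mirror the two manual tests above (raw pipe, then %7C / %3E encoded pipe and
# redirect); line 5 puts a pipe in a query string to a non-batch script and must
# not be flagged, since that is the script's own input, not the command line.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Jul/2000:10:12:01 +0000] "GET /cgi-bin/tst2.bat HTTP/1.0" 200 412
10.0.0.5 - - [18/Jul/2000:10:12:09 +0000] "GET /cgi-bin/tst2.bat|dir%20c:\\ HTTP/1.0" 200 2041
10.0.0.5 - - [18/Jul/2000:10:12:15 +0000] "GET /cgi-bin/tst2.bat%7Cecho%20%3Ec:\\arbitrary.txt HTTP/1.0" 200 0
10.0.0.9 - - [18/Jul/2000:10:13:00 +0000] "GET /index.html HTTP/1.0" 200 1532
10.0.0.9 - - [18/Jul/2000:10:13:04 +0000] "GET /cgi-bin/search.pl?q=a|b HTTP/1.0" 200 900
"""


def injected_tail(target: str):
    """Return the command text appended to a .bat/.cmd CGI path, or None.

    Only the path component is inspected, and it is URL-decoded first so that
    %7C and %3E are seen as | and >. The first metacharacter splits the path
    into the script name and the injected tail; a hit requires the script
    name to end in .bat or .cmd (case-insensitive).
    """
    path = target.split("?", 1)[0]
    decoded = unquote(path)
    for i, ch in enumerate(decoded):
        if ch in SHELL_META:
            script, tail = decoded[:i], decoded[i:]
            if script.lower().endswith((".bat", ".cmd")):
                return tail
            return None
    return None


def scan_log(text: str):
    """Parse access-log lines; return (client ip, raw target, injected tail) per hit."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than guess at them
        tail = injected_tail(m.group("target"))
        if tail is not None:
            hits.append((m.group("ip"), m.group("target"), tail))
    return hits


if __name__ == "__main__":
    for ip, target, tail in scan_log(SAMPLE_LOG):
        print(f"{ip} {target!r} -> injected command: {tail!r}")
```

Running the block against the sample prints the two injected requests from 10.0.0.5 and nothing for the index page or the search.pl query. Because the check decodes before matching, encoding the pipe as %7C does not evade it; double-encoding (%257C) would, so a production rule should decode repeatedly until the string stops changing.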

References:

Related OSVDB IDs: 5972, 5973, 5974, 5976, 5977, 5978, 5979, 5980
Nessus Plugin ID: 10014
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-07/0237.html
ISS X-Force ID: 3454