whois.cgi.txt

2001-01-06T00:00:00
ID PACKETSTORM:24020
Type packetstorm
Reporter Marco van Berkum
Modified 2001-01-06T00:00:00

Description

                                        
`Metacharacter bug in the Fastgraf whois.cgi Perl script  
-----------------------------------------------------  
  
Author : Fastgraf (c) All rights reserved.  
url : http://www.fastgraf.com  
release date : 03/01/99  
  
Problem:  
The Fastgraf whois.cgi script performs almost no metacharacter checking,  
which enables attackers to execute commands with the uid of the web server.  
  
The metacharacter bug in the script:  
  
$FORM{'host'} =~ s/(\;)//g;  
  
As you can see, only the ";" gets deleted, so attackers are still able  
to use pipes, redirection characters and so on.  
  
Solution:  
  
Change the filtering to:  
  
$FORM{'host'} =~ s/(\W)/\\$1/g;  
  
The author has been notified to correct this problem.  
  
Marco van Berkum  
  
--  
Sex is like hacking. You get in, you get out,  
and you hope you didn't leave something behind  
that can be traced back to you.  
  
Marco van Berkum, System Operator/Security Analyst OBIT b.v.  
RIPEHANDLE: MB17300-RIPE  
  
  
  
`
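
The two filters quoted in the advisory, compared on constructed input, as an added example that is not part of the original advisory or of Fastgraf's code. `validate_host`, `unescaped_meta` and `run_whois` are hypothetical helpers, and the assumption that the script hands the host to a `whois` client is not stated on the page.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Filter shipped in whois.cgi according to the advisory: only ";" is removed.
sub filter_original { my ($h) = @_; $h =~ s/(\;)//g; return $h }

# Filter proposed in the advisory: backslash-escape every non-word character.
sub filter_advisory { my ($h) = @_; $h =~ s/(\W)/\\$1/g; return $h }

# Hypothetical allowlist: hostname characters only, first and last character
# alphanumeric (so a leading "-" is rejected). Returns the host or undef.
sub validate_host {
    my ($h) = @_;
    return $h =~ /\A(?=.{1,253}\z)[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?\z/
        ? $h : undef;
}

# Lists the shell metacharacters (a representative set) that a shell would
# still interpret in $s, i.e. those not protected by a preceding backslash.
sub unescaped_meta {
    my ($s) = @_;
    $s =~ s/\\.//gs;    # drop every backslash-escaped pair first
    my %seen = map { $_ => 1 } $s =~ /([;|&<>`\$()])/g;
    return join ' ', sort keys %seen;
}

# Assumption: the CGI passes the host to a whois client. The list form of a
# pipe open runs the program directly, so no shell ever parses $host.
sub run_whois {
    my ($host) = @_;
    defined validate_host($host) or die "invalid host\n";
    open(my $fh, '-|', 'whois', $host) or die "cannot run whois: $!\n";
    local $/;           # slurp the whole reply
    my $out = <$fh>;
    close $fh;
    return $out // '';
}

# Constructed sample inputs (not taken from the advisory).
for my $in ('example.com', 'example.com;id', 'example.com|id', 'example.com >out') {
    my ($orig, $adv) = (filter_original($in), filter_advisory($in));
    printf "%-17s original: %-20s unescaped: [%s]\n", $in, $orig, unescaped_meta($orig);
    printf "%-17s advisory: %-20s unescaped: [%s]\n", '',  $adv,  unescaped_meta($adv);
    printf "%-17s allowlist: %s\n", '', defined validate_host($in) ? 'accept' : 'reject';
}

# Runs a real lookup only when a host is given on the command line.
print run_whois($ARGV[0]) if @ARGV;
```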