Vulnerability

viewsrc.cgi

Affected

viewsrc.cgi 2.0

Description

Joe Testa found the following. viewsrc.cgi v2.0 is a source-code viewing CGI script. A vulnerability exists which allows a remote user to view any file on the server. The following URL demonstrates the problem:

http://localhost/cgi-bin/viewsrc.cgi?loc=../[any file outside restricted directory]

Solution

Apply the following patch to viewsrc.cgi:

53a54,56 > $FORM{'loc'} =~ s/\.\.//g; > $FORM{'loc'} =~ s/\\//g; > $FORM{'loc'} =~ s/\///g; 65c68 < open (INHTML, "$predo") or die &err_loc; --- > open (INHTML, "<$predo") or die &err_loc;

This patch removes any '..', '/', or '\' characters present in the $FORM{'loc'} variable. It also makes the open() command safer by using the '<' read-only specifier. Official fix expected.
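
Review bot: in hunk 53a54,56 the '..' substitution runs before the two separator substitutions, so $FORM{'loc'} is never re-checked for '..' after the slashes and backslashes have been deleted from it. Run the '..' check last, or better, stop rewriting the parameter and refuse it: call &err_loc unless the value matches an allowlist such as /\A[\w.-]+\z/ and contains no '..'. Deleting every '/' also means files in subdirectories can no longer be requested; if that is intended it should be stated in a comment next to the substitutions.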
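
Review bot: in hunk 65c68 the new call is still the two-argument form of open(), so the mode and the file name are parsed out of one interpolated string, "<$predo". Use the three-argument form, open(INHTML, '<', $predo), which keeps the read-only mode separate from the data and does not depend on what $predo contains.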
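
An alternative to stripping characters from the loc parameter is to refuse any value that is not a plain file name and to confirm that the resolved path still lies inside the source directory. The following is an added example, not part of the advisory or of viewsrc.cgi; the helper name safe_source_path, the temporary base directory and the sample files are assumptions, and a Unix-like path layout is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper: returns the canonical path of $loc inside $base,
# or nothing if the request must be refused. The input is never rewritten.
sub safe_source_path {
    my ($base, $loc) = @_;
    return unless defined $loc;
    # Allowlist: one plain file name, no separators, no leading dot.
    return unless $loc =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,254}\z/;
    my $root = realpath($base);
    return unless defined $root;
    my $full = realpath(File::Spec->catfile($root, $loc));
    return unless defined $full && -f $full;
    # Containment check, done after symbolic links have been resolved.
    return unless index($full, "$root/") == 0;
    return $full;
}

# Constructed demo data: a temporary "source" directory holding one file.
my $base = tempdir(CLEANUP => 1);
open(my $out, '>', File::Spec->catfile($base, 'index.html')) or die "setup: $!";
print {$out} "<html>demo</html>\n";
close($out);

# Constructed requests: one valid name, the pattern from the advisory URL,
# a bare '..', and a name that does not exist.
for my $loc ('index.html', '../etc/passwd', '..', 'missing.html') {
    my $path = safe_source_path($base, $loc);
    if (!defined $path) {
        print "refused: $loc\n";
        next;
    }
    # Three-argument open: the mode is never parsed out of the file name.
    open(my $in, '<', $path) or die "open: $!";
    my $first = <$in>;
    close($in);
    print "served:  $loc -> $first";
}
```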