Bugtraq mailing list archives
Re: BS Scripts Vulnerabilities
From: Raptor <raptor () ANTIFORK ORG>
Date: Fri, 22 Dec 2000 13:15:39 +0100
I believe it's important to point out that just filtering out the ';' char doesn't fix the problem. Think about using '&' or '&&' instead of it... Some time ago i had an experience with a vendor i informed of a CGI bug: they fixed the ';' problem in a lame way, so it was still possible to use other chars to execute arbitrary commands. I really think people should learn regex before coding a CGI script and use them in a way that what is not explicitly accepted is denied (like on good firewalls policies). Much more safer:) :raptor On Thu, 21 Dec 2000 rivendell_team () YAHOO COM wrote:
There are a couple of scripts from bsScripts (www.stanback.net) , that have holes in them because the author did not filter out ; from the form input. The scripts that this affects is bsguest (a guestbook script) and bslist (a mailing list script). The hole allows anyone to execute commands on the server. The author has been informed and the holes are now patched in the latest release.
Antifork Research, Inc. @ Mediaservice.net Srl http://raptor.antifork.org http://www.mediaservice.net
Current thread:
- BS Scripts Vulnerabilities rivendell_team (Dec 21)
- Re: BS Scripts Vulnerabilities Raptor (Dec 22)