Bugtraq mailing list archives

Re: BS Scripts Vulnerabilities


From: Raptor <raptor () ANTIFORK ORG>
Date: Fri, 22 Dec 2000 13:15:39 +0100

I believe it's important to point out that just filtering out the ';' char
doesn't fix the problem. Think about using '&' or '&&' instead of it...
Some time ago I had an experience with a vendor I informed of a CGI bug:
they fixed the ';' problem in a lame way, so it was still possible to use
other chars to execute arbitrary commands.

I really think people should learn regex before coding a CGI script and
use them in a way that what is not explicitly accepted is denied (like in
good firewall policies). Much safer :)

:raptor


On Thu, 21 Dec 2000 rivendell_team () YAHOO COM wrote:

There are a couple of scripts from bsScripts
(www.stanback.net), that have holes in them
because the author did not filter out ; from the form
input.  The scripts that this affects are bsguest (a
guestbook script) and bslist (a mailing list script).
The hole allows anyone to execute commands on the
server.  The author has been informed and the holes
are now patched in the latest release.

Antifork Research, Inc.                         @ Mediaservice.net Srl
http://raptor.antifork.org                      http://www.mediaservice.net
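
Added example, not part of either message and not bsScripts code: the ';'-stripping filter from the thread next to a default-deny check on a form field, using only the separators named above. The address pattern, the sample values and the function names are assumptions made for illustration.

```python
import re
import subprocess
import sys

# Constructed form-field values; the separators are the ones named in the thread.
SAMPLES = [
    "alice@example.org",
    "alice@example.org; echo constructed",
    "alice@example.org & echo constructed",
    "alice@example.org && echo constructed",
]

def denylist_filter(value):
    """The insufficient fix: delete ';' and let everything else through."""
    return value.replace(";", "")

# Default-deny pattern (assumed for illustration, not a full address grammar).
# The first character must be alphanumeric so the value can never look like
# a command-line option to the program that receives it.
ADDRESS_RE = re.compile(
    r"[A-Za-z0-9][A-Za-z0-9._+-]{0,63}@[A-Za-z0-9-]{1,63}(?:\.[A-Za-z0-9-]{1,63})+"
)

def allowlist_validate(value):
    """Return value only if the whole string matches; otherwise None."""
    # fullmatch, not match with '$': '$' also matches before a trailing newline.
    if len(value) <= 254 and ADDRESS_RE.fullmatch(value):
        return value
    return None

def deliver(value):
    """Validate, then hand the value to a child process as one argv element."""
    address = allowlist_validate(value)
    if address is None:
        raise ValueError("rejected form input")
    # No shell is involved: the list is passed to the child as-is. The child
    # here is a stand-in that echoes its argument back.
    child = [sys.executable, "-c", "import sys; print(sys.argv[1])", address]
    done = subprocess.run(child, capture_output=True, text=True, check=True)
    return done.stdout.strip()

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(denylist_filter(sample)), "->", allowlist_validate(sample))
```

The denylist output still carries '&' and '&&' for the last two samples, while the allowlist returns None for every sample except the first.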

