Bugtraq mailing list archives

advisory


From: UkR hacking team <ukrteam () ukr net>
Date: Tue, 27 Mar 2001 17:23:17 +0300

---=== UkR security team - Advisory no. 11 ===---
Anaconda Clipper - 'arbitrary file retrieval' vulnerability

Date: 27.03.2001

Problem: input validation error.

Vulnerable products: Anaconda Clipper ver. 3.3 (probably others, but not tested)

Product vendor: Anaconda / http://www.anaconda.net

Comment: '..' and '/' are not filtered while processing user input, so it is possible to enter arbitrary values to
retrieve files from the remote server which should not normally be accessible (e.g., /etc/passwd).

Workaround:
# this will help somewhat... (strips every '..' and '/' from the template parameter)
$input =~ s/(?:\.\.|\/)//g;

Author: UkR-XblP / UkR security team / http://www.ukrteam.ru

Example:
http://blah.somenonexistanthost.com/cgi-bin/anacondaclip.pl?template=../../../../../../../../../../../../../../../../../../etc/passwd
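As an added illustration (not part of the advisory and not the vendor's code), a Python model of the template lookup, used here instead of the CGI script's Perl so it runs stand-alone: the unchecked version that reproduces the flaw, beside a lookup that allowlists the template name and confines the canonical path to the template directory. The directory layout, file names and the `.tmpl` extension are constructed assumptions.

```python
import os
import re
import tempfile

# Constructed sample layout (hypothetical, not Anaconda Clipper's real file structure):
# one template directory and one file outside it that the CGI must never serve.
TEMPLATE_ROOT = tempfile.mkdtemp(prefix="clipper_templates_")
OUTSIDE_DIR = tempfile.mkdtemp(prefix="clipper_outside_")
with open(os.path.join(TEMPLATE_ROOT, "main.tmpl"), "w") as fh:
    fh.write("<html>main template</html>")
with open(os.path.join(OUTSIDE_DIR, "secret.txt"), "w") as fh:
    fh.write("not a template")
# Traversal string in the same shape as the advisory's example, aimed at the outside file.
TRAVERSAL = "../" + os.path.basename(OUTSIDE_DIR) + "/secret.txt"


def load_template_unsafe(name):
    """The flaw from the advisory: the template parameter is pasted into a path unchecked."""
    with open(os.path.join(TEMPLATE_ROOT, name)) as fh:
        return fh.read()


NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def resolve_template(name):
    """Return the canonical template path, or None when the request must be refused."""
    # 1. Allowlist the name: no separators, no dots; the extension is appended server-side.
    if not NAME_RE.match(name):
        return None
    root = os.path.realpath(TEMPLATE_ROOT)
    candidate = os.path.realpath(os.path.join(root, name + ".tmpl"))
    # 2. Confine after canonicalisation (symlinks resolved): the path must stay under root.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None


def load_template_safe(name):
    path = resolve_template(name)
    if path is None:
        return None
    with open(path) as fh:
        return fh.read()


if __name__ == "__main__":
    print("unsafe:", load_template_unsafe(TRAVERSAL))  # prints "not a template" (leaked)
    print("safe:", load_template_safe(TRAVERSAL))      # prints None (refused)
    print("safe:", load_template_safe("main"))         # prints the real template
```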




--------------------------------------------------------------------------------


UkR XblP