Extropia WebBanner Input Validation Vulnerability

Published: 2000-04-08
Updated: 2000-04-08
Severity: High
Threat: ordinary user access privileges
Error type: input validation error
Exploitation: server mode
Affected systems: Extropia WebBanner 4.0

Detailed description

Extropia WebBanner 4.0 is an open-source Perl CGI tool that lets webmasters display banners at random. One of its components, index.cgi, has an input validation vulnerability: it passes a user-supplied HTTP parameter (html_file) to an open() call without checking it for metacharacters. As a result, arbitrary commands can be executed on the target host.

Test code

None available yet.

Solution

The following code:

>---[ line 195 + ]-------------------------------------------------
open (HTML_FILE, "$html_file") || &CgiDie (" blablabla... ");
while (<HTML_FILE>) {
    if (/\<!--IMG GOES HERE--\>/) {
        print qq! <A HREF = "$random_url"> <IMG SRC = "$image_url/$random_image"></A>!;
    } else {
        print "$_";
    }
}
close (HTML_FILE);
<------------------------------------------------------------------

should be replaced with the code below:

>---[ change above snippet to this snippet! ]----------------------
$html_file =~ s/\%([\d\w]{2})/pack('c',hex($1))/gie;
if( $html_file =~ /\.\.\/|\|/ ) {
    &CgiDie( "Not allowed... " );
} else {
    open (HTML_FILE, "$html_file") || &CgiDie ( "I'm sorry, but I was unable to open the requested HTML file in the Insert Random Banner Into Page routine. The value I have is $html_file. Would you please check the path and the permissions for the file." );
    while (<HTML_FILE>) {
        if (/\<!--IMG GOES HERE--\>/) {
            print qq! <A HREF = "$random_url"> <IMG SRC = "$image_url/$random_image"></A>!;
        } else {
            print "$_";
        }
    }
    close (HTML_FILE);
}
<------------------------------------------------------------------
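As an added example, not part of the original advisory or of the Extropia code: the advisory's fix rejects "../" and "|" but still calls the two-argument open(), which treats a file name beginning or ending with "|" as a command to run, so the replacement below uses the three-argument open() with an explicit read mode and accepts only a simple file name that resolves inside a fixed directory. The directory $BASE_DIR, the function names and the use of plain die() in place of &CgiDie are assumptions.

```perl
# Added example (not Extropia's code): hardened replacement for the
# two-argument open() shown in the advisory. Assumptions: page templates
# live under $BASE_DIR and the CGI parameter arrives as a plain string.
use strict;
use warnings;
use File::Spec;
use Cwd qw(abs_path);

my $BASE_DIR = '/var/www/banner-pages';   # assumed template directory

# Resolve the requested page and return its real path only if it is a
# regular file inside $BASE_DIR; return undef on any rejection.
sub safe_html_path {
    my ($param) = @_;
    return undef unless defined $param && length $param;

    # Decode %XX once, as the advisory's fix does, so the check sees the real value.
    $param =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;

    # Allow-list rather than deny-list: a simple file name only, so '/',
    # '|', '>', NUL and '..' segments can never reach open().
    return undef unless $param =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\.html?\z/;

    my $real = abs_path(File::Spec->catfile($BASE_DIR, $param));
    my $base = abs_path($BASE_DIR);
    return undef unless defined $real && defined $base && -f $real;

    # abs_path follows symlinks; make sure the target is still under $base.
    return undef unless index($real, "$base/") == 0;
    return $real;
}

sub print_with_banner {
    my ($param, $random_url, $image_url, $random_image) = @_;
    my $file = safe_html_path($param);
    die "Not allowed: requested page rejected\n" unless defined $file;

    # Three-argument open with an explicit '<' mode: the name is opened as
    # a file, never interpreted as a pipe or redirection.
    open(my $fh, '<', $file) or die "Unable to open $file: $!\n";
    while (my $line = <$fh>) {
        if ($line =~ /<!--IMG GOES HERE-->/) {
            print qq{<A HREF="$random_url"><IMG SRC="$image_url/$random_image"></A>};
        } else {
            print $line;
        }
    }
    close($fh);
}
```

safe_html_path('page.html') returns the resolved path when that file exists under $BASE_DIR, while any value containing "/", "|" or a leading "." is rejected before open() is reached.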