AHG's 'search.cgi' Search Engine Input Validation Flaw Lets Remote Users Execute Arbitrary Commands on the Web Server
|
Date: Jan 26 2002
|
Impact: Execution of arbitrary code via network, User access via network
|
Exploit Included: Yes
|
Description: An input validation flaw was reported in several versions of AHG's 'search.cgi' search engine software. A remote user can execute arbitrary commands on the server.
It is reported that a remote user can specify operating system commands in place of the template file name and the search engine
will execute those commands.
A demonstration exploit is provided:
http://[targethost]/cgi-bin/publisher/search.cgi?dir=jobs&template=;ls|&output_number=10
The
commands will be executed with the privileges of the web server.
|
Impact: A remote user can execute commands with the privileges of the web server.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: ahg.com/index.htm (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
Underlying OS Comments: Perl-based
|
Reported By: "Aleksey Sintsov" <xakepsin@quake.ru>
|
Message History:
None.
|
Source Message Contents
|
Date: Sat, 26 Jan 2002 01:16:54 -0500
From: "Aleksey Sintsov" <xakepsin@quake.ru>
Subject: search.cgi
|
Bug in Search Engines
VENDOR: www.ahg.com
(www.ahg.com/software.htm)
search.cgi will not check up input attacking.
Instead of template of the file it is possible to specify
any command.
Ex.
Listing current dir
http://www.target.com/cgi-bin/publisher/search.cgi?dir=jobs&template=;ls|&output_number=10
Don Huan aka Alexey Sintsov
XP-TEAM
---
Professional hosting for everyone - http://www.host.ru
|
|
