r1ch.net forums
* Home Help Search Login Register
r1ch.net  |  r1ch.net stuff  |  Bitchbot  |  Topic: Remote command execution...
Pages: [1]
Print
Author Topic: Remote command execution...  (Read 4948 times)
mhig
Guest
« on: October 20, 2003, 08:52:58 am »

Remote command execution is possible due to non filtered input from $query when you do a fortune..

the bug is in these lines:
-----
  @cookie = `/usr/games/fortune $query`;

  while (length(scalar @cookie) > 300) {
    @cookie = `/usr/games/fortune $query`;
  }
-----

fix: (checks $query for 'special characters')
if($query =~ tr/;<>*|`&$!#()[]{}:'"//) { print "someone been bad\n"; }




/mhig
Logged
R1CH
Administrator
Member

Posts: 2625



« Reply #1 on: October 26, 2003, 01:07:29 am »

Yes, this is somewhat dangerous bug - there is also another one I won't  disclose just yet. The cookie one is mitigated somewhat as $query must pass the -f file existence check and by trying to put shell commands in this will always fail. Again, another thing fixed in 1.0.3...
Logged
Pages: [1]
Print
r1ch.net  |  r1ch.net stuff  |  Bitchbot  |  Topic: Remote command execution...
Jump to:  

Powered by SMF 1.1.19 | SMF © 2013, Simple Machines