CSVForm is a Perl script designed to add records to a CSV database file. A security vulnerability in the product allows attackers to cause the program to execute arbitrary code.
Credit:
The information has been provided by Jason Gomes.
Vulnerable systems:
CSVForm.pl v0.1 (and possibly CSVFormPlus)
This script does not appear to be actively maintained, yet it is in use on a number of web sites. Site operators who followed the author's request to notify him of its use may be particularly exposed, since they may be listed under the "Check out sites using our scripts" link on the homepage.
Problem description:
Examining the script shows that after the query string is parsed and the file parameter is obtained, its value is passed unfiltered to the following code:
sub modify_CSV
{
    # $_[0] is the untrusted "file" query parameter. The two-argument
    # open() treats a leading or trailing '|' in that value as a pipe
    # to a shell command, which is what lets the exploit below run code.
    if(open(CSV,$_[0])){
    }
    else{
        goto &produce_error(
            "Can't open CSV file.\n",
            "Please, check that you have provided the cgi script with correct CSV file",
            " path in the HTML form.\n"
        );
    }
}
Exploit:
http://server/cgi-bin/csvform.pl?file=COMMAND_GOES_HERE%00|
Workaround:
Hardcode the path to the CSV data file, or apply proper input validation.
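As an added example (not code from the advisory or from CSVForm.pl), a hardened replacement for the open() in modify_CSV: the file= value is restricted to a bare *.csv name inside a fixed directory and opened with the three-argument form, so a trailing "|" or an embedded NUL cannot change what open() does. $DATA_DIR, the naming rule and the sample records are assumptions.

```perl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Directory the script may read CSV files from (assumed; hardcode it in a real deployment).
my $DATA_DIR = tempdir(CLEANUP => 1);

# Map a user-supplied file= value to an allowed path, or return undef.
# Only a bare name of word characters and dashes ending in .csv passes, so
# directory separators, NUL bytes and '|' never reach open(). The capture
# also untaints the value under perl -T.
sub safe_csv_path {
    my ($name) = @_;
    return undef unless defined $name;
    return undef if $name =~ /\0/;                   # explicit %00 check
    return undef unless $name =~ /\A([\w-]+\.csv)\z/;
    return File::Spec->catfile($DATA_DIR, $1);
}

# Hardened counterpart of modify_CSV: the three-argument open fixes the
# mode to '<', so the name is always a plain path and never a pipe.
sub read_csv_records {
    my ($path) = @_;
    open(my $csv, '<', $path) or return undef;
    my @rows;
    while (my $line = <$csv>) {
        chomp $line;
        push @rows, [ split /,/, $line ];
    }
    close $csv;
    return \@rows;
}

# Constructed sample database and probe values (not from the advisory).
my $sample = File::Spec->catfile($DATA_DIR, 'guestbook.csv');
open(my $out, '>', $sample) or die "cannot write sample: $!";
print $out "alice,hello\nbob,hi there\n";
close $out;

for my $input ('guestbook.csv', "guestbook.csv\0|", '../guestbook.csv', 'guestbook.csv|') {
    my $path = safe_csv_path($input);
    (my $shown = $input) =~ s/\0/\\0/g;              # make the NUL visible
    if (defined $path) {
        my $rows = read_csv_records($path) || [];
        printf "%-20s accepted, %d record(s) read\n", $shown, scalar @$rows;
    } else {
        printf "%-20s rejected\n", $shown;
    }
}
```

Only the plain name is accepted; the three other probes, including the "%00|" form from the exploit above, are rejected before any open() is attempted.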