| VID |
21023 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
This CGI has a flaw which can execute arbitrary commands of the server by remote. BizDB is an integrated product which uses Perl CGI.
There's bizdb-search.cgi in this CGI, and this script delivers variable contents for unchecked open() call, also makes to execute with an web server authority. That is, with add semicolon to the rear of variable name, dbname, then pass Shell command, it's going to execute that.
But it is impossible with the browser, cause of checking referrer field in the HTTP request. You can send a referrer field by using network utility like netcat, or programing, though. |
| Recommendation |
Delete bizdb1-search.cgi file from the /cgi-bin directory |
| Related URL |
CVE-2000-0287 (CVE) |
| Related URL |
1104 (SecurityFocus) |
| Related URL |
(ISS) |
|
