VID 21063
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The Meta Tag Generator CGI script, 'meta.pl', offers site visitors a way to have their site's link ranked higher in search engine results.
By editing a hidden variable on the HTML form, a remote user can view any file on the system with the privileges of the UID that the httpd server runs as. The following variable in the HTML source shows the hard-coded path to output.txt in its VALUE attribute.

<INPUT TYPE=HIDDEN NAME=TextFile VALUE="/home/cgi-access/html/meta/output.txt">

Modifying this VALUE causes meta.pl to output the file specified by the user instead, which allows a remote user to view files such as /etc/passwd.

* References:
http://packetstormsecurity.org/9911-exploits/metasearch
http://www.CGI-access.com
Recommendation The simplest solution is to use environment variables for the output.txt path in meta.pl itself, so that it does not expose direct hard-coded links.
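A sketch of the recommendation above, as an added example that is not the vendor's meta.pl: the script takes the output file path from server-side configuration only, confines it to the expected directory, and logs any client-supplied TextFile value instead of using it. The environment variable name META_OUTPUT_FILE is hypothetical, and CGI.pm is assumed to be installed.

```perl
#!/usr/bin/perl
# Added example, not the vendor's meta.pl. META_OUTPUT_FILE is a
# hypothetical variable name; CGI.pm is assumed to be installed.
use strict;
use warnings;
use CGI ();
use Cwd qw(realpath);

# Directory taken from the hidden form value shown in the advisory.
my $BASE_DIR = '/home/cgi-access/html/meta';

# Resolve the output file from server-side configuration only.
# Returns the canonical path, or undef if it is missing or falls
# outside $BASE_DIR after ../ sequences and symlinks are resolved.
sub resolve_output_file {
    my ($configured) = @_;
    my $path = (defined $configured && length $configured)
        ? $configured
        : "$BASE_DIR/output.txt";
    my $real = eval { realpath($path) };
    my $base = eval { realpath($BASE_DIR) };
    return unless defined $real && defined $base;
    return unless index($real, "$base/") == 0;
    return $real;
}

my $q = CGI->new;

# A client-supplied TextFile parameter is never used as a path. Log it
# (printable characters only, truncated) so tampering attempts are
# visible in the web server error log.
if (defined(my $supplied = $q->param('TextFile'))) {
    (my $safe = substr($supplied, 0, 200)) =~ s/[^\x20-\x7e]/?/g;
    warn "meta.pl: ignored client TextFile parameter: $safe\n";
}

my $file = resolve_output_file($ENV{META_OUTPUT_FILE});
my $fh;
if (defined $file && open($fh, '<', $file)) {
    print $q->header(-type => 'text/plain');
    print while <$fh>;
    close $fh;
} else {
    # Do not echo the path or the OS error back to the client.
    print $q->header(-status => '500 Internal Server Error',
                     -type   => 'text/plain');
    print "Configuration error\n";
}
```

With the path resolved on the server, the hidden TextFile input can be dropped from the HTML form entirely.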