Extropia WebBanner Input Validation Vulnerability

Solution:
The following is taken directly from the BugTraq post regarding this issue; it is a solution provided by the author of the post:

Solution:
~~~~~~~~~~
A snippet of script index.cgi at line 195 without comments:

>---[ line 195 + ]-------------------------------------------------
open (HTML_FILE, "$html_file") ||
    &CgiDie (" blablabla... ");
while (<HTML_FILE>)
{
    if (/\<!--IMG GOES HERE--\>/)
    {
        print qq!
<A HREF = "$random_url">
<IMG SRC = "$image_url/$random_image"></A>!;
    }
    else
    {
        print "$_";
    }
}
close (HTML_FILE);
<------------------------------------------------------------------

The above snippet is not safe code; to make it safer:

Good code must look like this:
>---[ change above snippet to this snippet! ]----------------------
# decode %XX sequences before checking, so an encoded "../" is caught too
$html_file =~ s/\%([\d\w]{2})/pack('c',hex($1))/gie;

# reject directory traversal ("../") and the pipe character ("|")
if( $html_file =~ /\.\.\/|\|/ )
{
    &CgiDie( "Not allowed... " );
} else {
    open (HTML_FILE, "$html_file") ||
        &CgiDie ( "I'm sorry, but I was unable to open the requested
HTML file in the Insert Random Banner Into Page routine. The
value I have is $html_file. Would you please check the path and
the permissions for the file." );
    while (<HTML_FILE>)
    {
        if (/\<!--IMG GOES HERE--\>/)
        {
            print qq!
<A HREF = "$random_url">
<IMG SRC = "$image_url/$random_image"></A>!;
        }
        else
        {
            print "$_";
        }
    }
    close (HTML_FILE);
}
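The following is an added example, not code from the BugTraq post or from WebBanner: it runs the post's decode-then-check logic over a few constructed inputs to show which values it refuses, and places a stricter allowlist check beside it. The directory $BANNER_DIR and the function names are assumptions.

```perl
#!/usr/bin/perl
# Added example, not code from the BugTraq post or from WebBanner.
# It runs the post's decode-then-check logic over constructed inputs
# and contrasts it with a stricter allowlist; $BANNER_DIR is hypothetical.
use strict;
use warnings;

# The post's check: undo %XX encoding first, then reject "../" and "|".
# Returns 1 when the value would be passed on to open(), 0 when refused.
sub post_check {
    my ($html_file) = @_;
    $html_file =~ s/\%([\d\w]{2})/pack('c', hex($1))/gie;
    return ($html_file =~ /\.\.\/|\|/) ? 0 : 1;
}

# Stricter alternative: accept only a bare .htm/.html file name and
# resolve it inside a fixed directory, so the caller can use the
# three-argument open, whose mode cannot be altered by the data.
my $BANNER_DIR = '/var/www/banners';   # hypothetical location
sub strict_check {
    my ($html_file) = @_;
    $html_file =~ s/\%([0-9a-fA-F]{2})/chr(hex($1))/ge;
    return undef unless $html_file =~ /\A([\w-]+\.html?)\z/;
    return "$BANNER_DIR/$1";           # untainted, absolute path
}

# Constructed inputs: one legitimate name and several the script must refuse.
my @inputs = (
    'banner.html',                # legitimate
    '../../other/page.html',      # plain traversal
    '%2e%2e%2fother%2fpage.html', # same traversal, percent-encoded
    '/tmp/page.html',             # absolute path: no "../", so post_check accepts it
    'banner.html|',               # trailing pipe: two-argument open treats it as a command
);
for my $in (@inputs) {
    printf "%-28s post_check=%d strict=%s\n",
        $in, post_check($in), strict_check($in) // 'rejected';
}

# How the strict result is meant to be used (three-argument open):
#   my $path = strict_check($cgi_value) or die "Not allowed";
#   open(my $fh, '<', $path) or die "cannot open $path: $!";
```

The run shows that the post's regex stops both the plain and the percent-encoded "../" and the pipe, but still lets an absolute path through, which is why the allowlist form is the safer pattern for a CGI that only ever serves files from one directory.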

Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Copyright 2010, SecurityFocus