eXtropia bbs_forum.cgi Remote Arbitrary Command Execution Vulnerability
Solution:
Excerpted from CGI Security Advisory #3.1:

Patch: http://www.extropia.com/hacks/bbs_security.html

If you have made extensive modifications to bbs_forum.cgi and do not wish to start over from scratch, search for the line at the start of bbs_forum.cgi that says

    &ReadParse;

and insert the following after it:

    if ($in{'read'} && $in{'read'} !~ /^\d+-\d+\.msg$/i) {
        print "Invalid Message #";
        die("Invalid Message # provided: " . $in{'read'});
    }
    if ($in{'reply_to_message'} && $in{'reply_to_message'} !~ /^\d+-\d+\.msg$/i) {
        print "Invalid Reply To Message #";
        die("Invalid Reply To Message # provided: " . $in{'reply_to_message'});
    }

This code assures the script that the message file form variables can only consist of the strict filename format of digits followed by a hyphen followed by some digits followed by the literal string ".msg". We recommend updating your script as soon as possible. Special thanks to cgisecurity.com for pointing out the issue.
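The patch above is an allowlist: a form value is only ever used as a message filename if it matches digits, hyphen, digits, ".msg". The following is an added example (not from eXtropia or the advisory) that applies the same allowlist in Python, so the verdicts can be run against constructed sample values offline; it also adds a containment check on the resolved path, which is an extra precaution beyond what the patch does. The message directory name and the sample values are assumptions.

```python
import re
from pathlib import Path

# Allowlist taken from the eXtropia patch: digits, hyphen, digits, ".msg".
# Anchored and case-insensitive like the original /^\d+-\d+\.msg$/i;
# re.ASCII keeps \d to 0-9 so no other Unicode digit class slips through.
MESSAGE_NAME = re.compile(r"^\d+-\d+\.msg$", re.IGNORECASE | re.ASCII)


def is_valid_message_name(name: str) -> bool:
    """Return True only if `name` is exactly one well-formed message filename."""
    # fullmatch, not match: a '$' anchor alone would still let a trailing
    # newline through in many regex engines (Perl's $ matches before a final \n).
    return bool(name) and MESSAGE_NAME.fullmatch(name) is not None


def resolve_message_path(message_dir: str, name: str) -> Path:
    """Map a form value onto a file inside message_dir, or raise ValueError.

    The allowlist is the primary gate (mirroring the patch's die()); the
    parent-directory comparison is a second line of defence so that even a
    future relaxation of the regex cannot point outside message_dir.
    """
    if not is_valid_message_name(name):
        raise ValueError(f"Invalid Message # provided: {name!r}")
    base = Path(message_dir).resolve()          # assumed message directory
    target = (base / name).resolve()
    if target.parent != base:
        raise ValueError("message path escapes the message directory")
    return target


def audit(values):
    """Return {value: verdict} for a batch of form values, e.g. from access logs."""
    return {v: is_valid_message_name(v) for v in values}


if __name__ == "__main__":
    # Constructed sample form values (not taken from the advisory).
    samples = ["12345-678.msg", "1-1.MSG", "", "../1-1.msg",
               "1-1.msg\n", "1-1.msg;", "1-1.txt"]
    for value, ok in audit(samples).items():
        print(f"{value!r:>16} -> {'accept' if ok else 'reject'}")
    print(resolve_message_path("messages", "12345-678.msg"))
```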