Extropia WebBanner Input Validation Vulnerability

Extropia WebBanner is an open-sourced perl cgi utility that allows a webmaster to display banners randomly. One of its components, index.cgi, is vulnerable to an input validation vulnerability. It passes a user-inputtable http variable (html_file) to the open() call without checks for metacharacters. As a result, it is possible to execute arbitrary commands on the target host and gain remote access with the priviliges of the webserver.


Privacy Statement
Copyright 2010, SecurityFocus