[Date Prev]   [Date Next] [Thread Prev]   [Thread Next] [Date Index]   [Thread Index]

 

     Potential webnocol.cgi Vulnerability


hi Vikas,

Was going through the code for webnocol.cgi and I came across this near
line 663,

   if ($cmd) {
      $cmd =~ s/DEVICE/$siteaddr/ ;     # replace keyword with IP address
      if (! open (CMD, "$cmd 2>&1 |") ) {
        print "Command $cmd error  <p>\n";

This portion replaces the keyword DEVICE with the $siteaddr posted by the
HTML form (lines 127) so a malicious user that knows a site is using
NOCOL, and that is unrestricted by .htaccess can cause a bit of a problem
by doing a POST with dangerous characters placed in the field 'siteaddr'.

A suggestion would be to do a

	$siteaddr=~y/[a-zA-Z0-9_.\-]//cd;

prior to executing the diagnostic commands. 

Comments are welcomed.

rgds,
Lim Fung