Multiple CGIScript.net programs allows remote attacker to execute URL encoded Perl commands
| cgiscript-url-execute-commands (8636) |  High Risk |
Description:
CGIScript.net could allow a remote attacker to execute Perl commands on the Web server. A remote attacker can send a specially-crafted URL containing the *.cgi script and URL encoded Perl code to execute Perl commands on the server.
Consequences:
Gain Access
Remedy:
For csSearch 2.3 and prior: Upgrade to the latest version of csSearch (2.5 or later), available from CGIScript.net Web site. See References. For csGuestBook, csLiveSupport, csNewsPro, and csChatRBox: Contact CGIScript.net for the latest versions. See References.
References:
- BugTraq Mailing List, Mon Apr 08 2002 - 12:39:53 CDT: multiple CGIscript.net scripts - Remote Code Execution.
- BugTraq Mailing List, Mon Mar 25 2002 - 16:47:23 CST: CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable).
- CGIScript.net Web site: CGI Script.net - Webmaster Resource Site - Free and Professional CGI Scripts and JavaScripts.
- BID-4368: CSSearch Remote Command Execution Vulnerability
- BID-4448: CSGuestbook Remote Command Execution Vulnerability
- BID-4450: CSLiveSupport Remote Command Execution Vulnerability
- BID-4451: CSNews Remote Command Execution Vulnerability
- BID-4452: CSChat-R-Box Remote Command Execution Vulnerability
- CVE-2002-0495: csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.
- CVE-2002-0924: CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the Advanced Settings capability.
- CVE-2002-1750: csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
- CVE-2002-1751: csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
- CVE-2002-1752: csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
- CVE-2002-1753: csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
Platforms Affected:
- CGIScript csChatRBox 1.0
- CGIScript csGuestbook
- CGIScript csLiveSupport
- CGIScript csNewsPro
- CGIScript csSearch 2.3 and prior
Reported:
Mar 25, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net