HC's Capture the Flag website
25C3-CTF
Advisory #73
From team Janet Reno Redemption Fund$
New advisory by: adc
Affected service(s): cgibas
Severity [lmh]: high
===== Problem =====
Index.bas is doing a gosub on unfiltered user input, resulting in remote code execution.
===== Impact =====
Remote code execution (and command execution if you use pipes to do perl-style commands).
===== Fix =====
Modify the gosub function handler in /usr/bin/cgibas.pl to implement a filter for which kinds of filenames are allowed (e.g. no ../ and files always ending in .bas), or do proper input sanitization in index.bas.
Rating: [0]
Has been reported by squareroots a while ago.
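The filter the Fix section asks for, written out as an added example in Perl (the language of cgibas.pl). This is not code from the cgibas service or from the advisory's authors; the function names, the script root passed as a parameter, and the sample inputs are constructed assumptions. The check is an allow-list on the name (plain word plus `.bas`, which by itself rules out `../`, `/`, NUL bytes and pipe characters), followed by a resolution step that confirms the file actually lives under the script directory, so a symlink planted there cannot point outside it.

```perl
#!/usr/bin/perl
# Added example: filename validation for a gosub-style handler.
# Not the cgibas service's own code; $base_dir and the names are assumptions.
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);
use Cwd qw(realpath);

# Syntactic allow-list: the only acceptable names are "<word>.bas",
# where <word> is letters, digits, underscore or dash. Anything else,
# including "../x", "a|id", "x.bas\0" or "x.txt", is rejected outright.
sub valid_bas_name {
    my ($name) = @_;
    return 0 unless defined $name;
    return $name =~ /\A[A-Za-z0-9_-]+\.bas\z/ ? 1 : 0;
}

# Resolve an already-validated name inside $base_dir and confirm the real
# path is still under that directory and is a regular file.
# Returns the absolute path on success, undef on any failure.
sub resolve_bas_path {
    my ($base_dir, $name) = @_;
    return undef unless valid_bas_name($name);
    my $root = realpath($base_dir);
    return undef unless defined $root;
    my $real = realpath(File::Spec->catfile($root, $name));
    return undef unless defined $real;
    return undef unless -f $real;                      # must exist as a file
    return undef unless index($real, "$root/") == 0;   # escaped via symlink
    return $real;
}

# Demo with a constructed script directory (hypothetical content).
my $dir = tempdir(CLEANUP => 1);
open my $fh, '>', "$dir/menu.bas" or die "cannot create sample: $!";
print $fh "10 PRINT \"hello\"\n";
close $fh;

my @constructed_inputs = (
    'menu.bas',          # the only one that should pass
    '../etc/passwd',     # traversal
    'menu.bas|id',       # pipe-style command
    "menu.bas\0",        # NUL truncation attempt
    'missing.bas',       # well-formed name, file does not exist
    'menu.txt',          # wrong extension
);

for my $input (@constructed_inputs) {
    (my $shown = $input) =~ s/\0/\\0/g;   # make the NUL visible in output
    my $path = resolve_bas_path($dir, $input);
    printf "%-16s -> %s\n", $shown, defined $path ? "ok ($path)" : 'rejected';
}
```

Doing the string check before touching the filesystem keeps the rejection path cheap and free of side effects; the realpath step is defence in depth for the case where the directory contents are not trusted either.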