Not much time left this week so this time something really easy. Old plain CGI script written in Perl (one of levels from http://www.exploit-exercises.com):
#!/usr/bin/perl
use CGI qw{param};
print "Content-type: text/html\n\n";
sub ping {
$host = $_[0];
print("<html><head><title>Ping results</title></head><body><pre>");
@output = `ping -c 3 $host 2>&1`;
foreach $line (@output) { print "$line"; }
print("</pre></body></html>");
}
# check if Host set. if not, display normal page, etc
ping(param("Host"));
Vulnerability
What type of vulnerability is this? Why this code is vulnerable?
Exploitation
How one could exploit this code? What could be achieved by the exploit?
Mitigation
How to fix this vulnerability? What countermeasure(s) could be put in place in order to make exploitation harder (or impossible)?
My solution will be published on 5.10.2014.
