Wednesday, October 1, 2014

Software flaw #7

Not much time left this week, so this time something really easy: a plain old CGI script written in Perl (one of the levels from http://www.exploit-exercises.com):

#!/usr/bin/perl

use CGI qw{param};

print "Content-type: text/html\n\n";

sub ping {
  $host = $_[0];

  print("<html><head><title>Ping results</title></head><body><pre>");

  @output = `ping -c 3 $host 2>&1`;
  foreach $line (@output) { print "$line"; } 

  print("</pre></body></html>");

}

# check if Host set. if not, display normal page, etc

ping(param("Host"));

Vulnerability

What type of vulnerability is this? Why is this code vulnerable?

Exploitation

How could one exploit this code? What could be achieved by the exploit?

Mitigation

How can this vulnerability be fixed? What countermeasure(s) could be put in place to make exploitation harder (or impossible)?

My solution will be published on 5.10.2014.