Title: Guestbook CGI Remote Command Execution Vulnerability
Severity: HIGH
Description:
When guest book is configured to allow HTML posts and you have enabled server-side includes for HTML, it may be possible for an attacker to embed SSI (server-side include) code in guestbook messages. The server-side includes allow for remote command execution, including displaying of any files to which the web server has read access (see the example):
<!--#exec cmd="cat /etc/group"
In an attempt to stop this from happening, guestbook.pl parses for SSI commands under the assumption that they are in this format:
<-- SSI command -->
^^ Does not need to be there.
Apache will accept different formats, which can evade the regular expression in guestbook.pl, executing commands on the target host as they would [if they were put there by the author].
Affected Products:
- Matt Wright GuestBook 2.3.0
References:
- Matt Wright: GuestBook Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
