APP: Guestbook CGI Remote Command Execution

This signature detects attempts to exploit a known vulnerability against Guestbook CGI. A successful attack can lead to arbitrary code execution.

Extended Description

When Guestbook is configured to allow HTML posts and server-side includes are enabled for HTML, an attacker may be able to embed SSI (server-side include) directives in guestbook messages. Server-side includes allow remote command execution, including display of any file the web server has read access to (see the example):

<!--#exec cmd="cat /etc/group"

In an attempt to stop this, guestbook.pl parses for SSI commands under the assumption that they are in this format:

^^ Does not need to be there.

Apache accepts other formats as well, which can evade the regular expression in guestbook.pl, so the commands run on the target host as if the author had put them there.

Affected Products

Matt_wright guestbook

References

BugTraq: 776

CVE: CVE-1999-1053

Short Name
APP:MISC:GUESTBOOK-CGI
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CGI CVE-1999-1053 Command Execution Guestbook Remote bid:776
Release Date
08/31/2012
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3339
False Positive
Unknown
Vendors

Matt_wright

CVSS Score

7.5
