Arbitrary Shell Command Execution in MyQuiz

Summary

Vulnerability
Arbitrary Shell Command Execution in MyQuiz
Discovered
2006.02.03
Last Update
2006.02.06 Solution added
ID
EV0057
CVE
CVE-2006-0628
Risk Level
high
Type
Command Execution
Status
Patched
Vendor
n/a
Vulnerable Software
MyQuiz (http://www.corantodemo.net/)
Version
1.01
PoC/Exploit
Available
Solution
Available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

Command Execution found in MyQuiz (http://www.corantodemo.net/) script.

Vulnerable Script: myquiz.pl

Variable $ENV{'PATH_INFO'} isn't properly sanitized. This can be used to execute arbitrary commands.

System access is possible.

PoC/Exploit

Url Example:

http://host/cgi-bin/myquiz.pl/ask/;command|

Solution.

Vendor-provided solution is available now.

New version of script can be downloaded here:

http://www.corantodemo.net/coranto/viewnews.cgi?id=EpApAAAVkyirPGThSf&style=dldetails

Order Source Code Review made by eVuln

Protect a site by PHP code audit of your website made by our team.The work will be done by experts in web security.

Website Monitoring

Daily malware scanning. Allows to receive alerts about security problems in your website.
Details >>

Malicious redirects detected?

eVuln team will eliminate the reason, clean your website and monitor it.
Details >>

Website blacklisted?

eVuln team will clean your website, discover and fix security holes, remove from blacklists.
Details >>