Arbitrary Shell Command Execution in MyQuiz

Summary

Vulnerability
Arbitrary Shell Command Execution in MyQuiz
Discovered
2006.02.03
Last Update
2006.02.06 Solution added
ID
EV0057
CVE
CVE-2006-0628
Risk Level
high
Type
Command Execution
Status
Patched
Vendor
n/a
Vulnerable Software
MyQuiz (http://www.corantodemo.net/)
Version
1.01
PoC/Exploit
Available
Solution
Available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

Command Execution found in MyQuiz (http://www.corantodemo.net/) script.

Vulnerable Script: myquiz.pl

Variable $ENV{'PATH_INFO'} isn't properly sanitized. This can be used to execute arbitrary commands.

System access is possible.

PoC/Exploit

Url Example:

http://host/cgi-bin/myquiz.pl/ask/;command|

Solution.

Vendor-provided solution is available now.

New version of script can be downloaded here:

http://www.corantodemo.net/coranto/viewnews.cgi?id=EpApAAAVkyirPGThSf&style=dldetails