header-logo
Suggest Exploit
vendor:
ePerl
by:
SecurityFocus
8.8
CVSS
HIGH
Command Injection
78
CWE
Product Name: ePerl
Affected Version From: ePerl 1.0
Affected Version To: ePerl 1.0
Patch Exists: No
Related CWE: N/A
CPE: o:epicware:eperl:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
1999

ePerl ISINDEX Query Vulnerability

ePerl is vulnerable to command injection when an ISINDEX query is passed on the command line by the web server. This allows an attacker to execute arbitrary code via the ePerl interpreter, with none of the restrictions enforced normally. In addition, this allows for the execution of any code on the file system. An attacker can place perl code on the file system, determine or guess the path to the code, and then execute it via an appropriate cgi-bin program.

Mitigation:

Restrict access to the ePerl interpreter and ensure that all user input is properly validated.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/151/info

A bug exists in ePerl's handling of the ISINDEX queries. When ISINDEX is used, the query is passed on the command line by the web server. This would allow an attacker to execute arbitrary code via the ePerl interpreter, with none of the restrictions enforced normally. In addition, this allows for the execution of any code on the file system.

1) Place perl code on filesystem. This could be done via a writeable directory on anonymous ftp.
2) Determine (or guess) the path to the code to be executed.
3) Run code via an appropriate cgi-bin program:
http://foo.com/some/dir/doit.phtml?/home/ftp/incoming/executemycode.phtml