Bugtraq mailing list archives
Bug found at W3Mail Webmail
From: Emanuel Almeida <corb () sekure org>
Date: Sun, 7 Oct 2001 02:32:31 -0200 (BRST)
Name: W3Mail 1.0.2 Personal and Commercial Version Author: Spencer Miles Problem: Script doesnt check for special metacharacters like &;`'\"|*?~<>^()[]{}$\n\r. Any webmail user can execute *nix commands on webserver. Exploit: On any field at "Compose Message", put something like: (Recipient example) foo () bar com"; `/bin/touch /tmp/foobar`; $foo = "bar Fix: Filter this metacharacters on sendmessage.cgi and others.. []s --corb -- Lord, grant me the serenity to accept the things I cannot change, the courage to change the things I can, and the wisdom to hide the bodies of the people I had to kill because they pissed me off.
Current thread:
- Bug found at W3Mail Webmail Emanuel Almeida (Oct 06)
- Re: Bug found in ht://Dig htsearch CGI Geoff Hutchison (Oct 08)